Is CA Identity Manager impacted by vulnerability CVE-2017-5638?
Release: CAIDMB99000-12.6.8-Identity Manager-B to B
Identity Manager 12.0, 12.5, 12.6, 14.0 and 14.1 use an older Apache Struts version, 1.2.9, which is not vulnerable to the CVE-2017-5638 exploit.
Identity Manager 14.2 has upgraded the Struts version to Apache Struts 126.96.36.199 which is also not vulnerable to the CVE-2017-5638 exploit.
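To confirm which Struts version a given deployment actually ships, the following added example (not part of the original article or of CA's tooling) classifies Struts core jars under a directory against the affected ranges published in Apache advisory S2-045, namely 2.3.5 to 2.3.31 and 2.5 to 2.5.10, which this page does not list. The jar naming pattern and the `Implementation-Version` manifest fallback are assumptions.

```python
import os
import re
import zipfile

# Affected ranges for CVE-2017-5638 from Apache advisory S2-045
# (not stated on this page): 2.3.5 to 2.3.31 and 2.5 to 2.5.10.
AFFECTED = [((2, 3, 5), (2, 3, 31)), ((2, 5), (2, 5, 10))]
# Assumed naming: struts.jar, struts-1.2.9.jar, struts-core-1.3.x.jar, struts2-core-2.x.jar
JAR_RE = re.compile(r"^struts2?(?:-core)?(?:-(\d+(?:\.\d+)*))?\.jar$")
MANIFEST_RE = re.compile(r"^Implementation-Version:\s*(\d+(?:\.\d+)*)", re.M)


def _key(parts, width=4):
    """Pad to a fixed width so 2.5.10.1 sorts above 2.5.10."""
    parts = tuple(parts)[:width]
    return parts + (0,) * (width - len(parts))


def classify(version):
    """Return 'affected' or 'not affected' for a dotted Struts version."""
    v = _key(int(p) for p in version.split("."))
    if any(_key(lo) <= v <= _key(hi) for lo, hi in AFFECTED):
        return "affected"
    return "not affected"


def manifest_version(path):
    """Fallback for unversioned names such as struts.jar (assumes the
    jar records Implementation-Version in META-INF/MANIFEST.MF)."""
    try:
        with zipfile.ZipFile(path) as jar:
            text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (OSError, KeyError, zipfile.BadZipFile):
        return None
    m = MANIFEST_RE.search(text)
    return m.group(1) if m else None


def scan(root):
    """Walk root; return {relative jar path: (version, status)} for Struts core jars."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = JAR_RE.match(name)
            if not m:
                continue
            full = os.path.join(dirpath, name)
            version = m.group(1) or manifest_version(full)
            status = classify(version) if version else "unknown"
            found[os.path.relpath(full, root)] = (version, status)
    return found
```

A result of `unknown` means neither the file name nor the manifest gave a version, so that jar needs manual inspection.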
The Identity Manager 14.2 documentation describes the Struts upgrade as follows:
Upgraded to Apache Struts 188.8.131.52 to overcome security vulnerabilities.
CA Identity Manager release 14.2 uses Apache Struts 184.108.40.206 for Management Console. With Apache Struts 220.127.116.11 support, the given changes are applicable:
Management Console Access URL: The URL to access Management Console programmatically has changed. The syntax of the new URL is as follows: