Struts Vulnerability - CVE-2020-17530 and its impact on Identity Manager
Is Identity Manager vulnerable to CVE-2020-17530?
Release: 14.2, 14.3, 14.4
Component: IdentityMinder (Identity Manager)
Identity Manager is safe from the CVE-2020-17530 Struts 2 vulnerability.
The vulnerability CVE-2020-17530 impacts Struts 2: forced OGNL evaluation applied to untrusted user input results in double evaluation, leading to remote code execution (RCE) and security degradation.
Identity Manager uses OGNL expressions strictly to get data from the server; it does not send, set or allow user input for double evaluation.