CVE-2021-31805 Forced OGNL evaluation - Is DX Netops Spectrum Vulnerable?

Article ID: 239504

Products

CA Spectrum DX NetOps

Issue/Introduction

Is DX NetOps Spectrum 21.2.x vulnerable to CVE-2021-31805?

The Apache Software Foundation has released a security advisory for a vulnerability affecting Struts versions 2.0.0 through 2.5.29. An attacker could exploit this vulnerability to take control of an affected system.

Resolution


DX Netops Spectrum 21.2.8 and 21.2.10 ship with versions 2.5.26 and 2.5.29 of Struts2.


Spectrum 21.2.12 ships with Apache Struts 2.5.30 which addresses this vulnerability.
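
To confirm which Struts build a given installation actually carries, the following added example (not Broadcom or Apache tooling) walks a directory tree and flags any `struts2-core` jar in the 2.0.0 to 2.5.29 range stated above. It assumes the jar keeps the standard Maven file name `struts2-core-<version>.jar`; the root directory is a hypothetical argument you supply, and renamed or repackaged jars will not be detected.

```python
import os
import re
import sys

# Affected range as stated in this article: Struts 2.0.0 through 2.5.29.
AFFECTED_MIN = (2, 0, 0)
AFFECTED_MAX = (2, 5, 29)

# Assumption: standard Maven artifact naming, e.g. struts2-core-2.5.29.jar
JAR_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+)*)[^/\\]*\.jar$", re.IGNORECASE)


def parse_version(text):
    """Turn '2.5.29' into (2, 5, 29), padded or cut to three components."""
    parts = [int(p) for p in text.split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def is_affected(version_text):
    """True when the version lies inside the affected range (inclusive)."""
    return AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX


def scan(root):
    """Return sorted (path, version, affected) for each struts2-core jar under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            match = JAR_RE.match(name)
            if match:
                version = match.group(1)
                path = os.path.join(dirpath, name)
                findings.append((path, version, is_affected(version)))
    return sorted(findings)


if __name__ == "__main__":
    # Hypothetical usage: python check_struts.py <installation root>
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    results = scan(root)
    if not results:
        print("No struts2-core jar found under", root)
    for path, version, affected in results:
        status = "AFFECTED (upgrade needed)" if affected else "not in affected range"
        print(f"{version:10} {status:28} {path}")
    # Exit status 1 if any affected jar is present, for use in scripted checks.
    sys.exit(1 if any(a for _p, _v, a in results) else 0)
```
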