
CVE-2021-31805 Forced OGNL evaluation - Is DX NetOps Spectrum Vulnerable?


Article ID: 239504


Products

CA Spectrum DX NetOps

Issue/Introduction

Is DX NetOps Spectrum 21.2.x vulnerable to CVE-2021-31805?

The Apache Software Foundation has released a security advisory addressing a vulnerability in Struts versions 2.0.0 to 2.5.29. An attacker could exploit this vulnerability to take control of an affected system.

Resolution

DX NetOps Spectrum 21.2.8 ships with Struts 2 version 2.5.26.

Broadcom is reviewing and assessing whether the product is vulnerable. This KB will be updated as more information becomes available.