
CVE-2021-31805 Forced OGNL evaluation - Is DX NetOps Spectrum Vulnerable?


Article ID: 239504


Updated On:


CA Spectrum DX NetOps


Is DX NetOps Spectrum 21.2.x vulnerable to CVE-2021-31805?

The Apache Software Foundation has released a security advisory to address a vulnerability affecting Struts versions 2.0.0 to 2.5.29. An attacker could exploit this vulnerability to take control of an affected system.


DX NetOps Spectrum 21.2.8 ships with Struts2 version 2.5.26, which is within the affected version range.

Broadcom is reviewing and assessing whether the product is vulnerable. This KB will be updated as more information becomes available.