The CVE-2023-34149 and CVE-2023-50164 vulnerabilities exist in Apache Struts version 2.0.0 to 2.5.32.
Apache struts2-2.5.26 version (VIP EG 9.9.x) and Apache struts2-2.5.30 version (VIP EG 9.10.x) exist in the install directory of the VIP Enterprise Gateway.
VIP Enterprise Gateway on Windows or Linux
Note:
Struts2 version 2.5.33 will be included in VIP Gateway 9.11.0 (coming soon). Whenever possible, upgrade to VIP EG 9.10.3 (Windows) or 9.10.2 (Linux) before applying this fix.