Apache Struts vulnerability CVE-2023-34396 and CVE-2023-34149
Article ID: 271328

Products

DX NetOps CA Spectrum

Issue/Introduction

Is there a Spectrum patch that addresses the following vulnerabilities?

Apache Struts: S2-064 (CVE-2023-34396): Security updates available for Apache Struts - Vulnerable software installed: Apache Struts 2.5.30 (/opt/CA/spectrum/tomcat/lib/struts2-core-2.5.30.jar)

Apache Struts: S2-063 (CVE-2023-34149): Security updates available for Apache Struts - Vulnerable software installed: Apache Struts 2.5.30 (/opt/CA/spectrum/tomcat/lib/struts2-core-2.5.30.jar)

Environment

Release: 22.2

Cause

Spectrum 22.2.11 is vulnerable. It uses Apache Struts 2.5.30.

Resolution

These vulnerabilities will be addressed in the 23.3.1 release of Spectrum.