ITAM AMS Apache Struts Vulnerability - CVE-2023-50164
Article ID: 277176


CA IT Asset Manager Asset Portfolio Management CA IT Asset Manager


ITAM AMS uses Apache Struts version 2.5.30 in 17.3 RU23 and version 2.5.31 in 17.4 RU1.

These versions are vulnerable to a remote code execution (RCE) attack.


CA IT Asset Manager 17.3 RU23 and 17.4 RU1

All Supported Windows Operating Systems


Long term remediation

The upgrade of Apache Struts to version 2.5.33 will be delivered in ITAM 17.4 RU2.

Short term remediation

1. Download the struts-2.5.33-min-lib ZIP file from the Apache website

2. Extract the downloaded struts-2.5.33-min-lib ZIP file and copy the struts2-core-2.5.33.jar from the extracted folder struts-2.5.33-min-lib\struts-2.5.33\lib

3. Remove the existing struts2-core-2.5.31.jar and paste the updated struts2-core-2.5.33.jar into the following folder:

C:\Program Files (x86)\CA\SharedComponents\AMS\TomCat\webapps\AMS\WEB-INF\lib

4. Restart the ITAM AMS Service from the Windows Services console
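
To confirm the swap in steps 2 to 4 took effect, the following PowerShell check (an added example, not part of the vendor's procedure) lists every struts2-core jar in the AMS lib folder and reports whether exactly one remains at 2.5.33 or later. It assumes Windows PowerShell 5.1 or later and that the jar manifest carries an Implementation-Version or Bundle-Version line; the function names are illustrative.

```powershell
# Added example: verify the short-term remediation on an AMS host.
# $LibDir is the folder from step 3; $Fixed is the version named in this article.
$LibDir = 'C:\Program Files (x86)\CA\SharedComponents\AMS\TomCat\webapps\AMS\WEB-INF\lib'
$Fixed  = [version]'2.5.33'

Add-Type -AssemblyName System.IO.Compression.FileSystem

function Get-JarManifestVersion {
    param([string]$Path)
    # A jar is a ZIP archive; read META-INF/MANIFEST.MF from it.
    $zip = [System.IO.Compression.ZipFile]::OpenRead($Path)
    try {
        $entry = $zip.GetEntry('META-INF/MANIFEST.MF')
        if (-not $entry) { return $null }
        $reader = New-Object System.IO.StreamReader($entry.Open())
        try { $text = $reader.ReadToEnd() } finally { $reader.Dispose() }
    } finally { $zip.Dispose() }
    # Assumption: the manifest has an Implementation-Version or Bundle-Version line.
    if ($text -match '(?m)^(?:Implementation|Bundle)-Version:\s*(\d+(?:\.\d+)+)') {
        return [version]$Matches[1]
    }
    return $null
}

function Test-StrutsCore {
    param([string]$Dir, [version]$Minimum)
    # Every struts2-core-*.jar in WEB-INF\lib is on the web application's
    # classpath, so a leftover old jar or a backup copy kept here still counts.
    $jars = @(Get-ChildItem -LiteralPath $Dir -Filter 'struts2-core-*.jar' -File)
    $results = foreach ($jar in $jars) {
        $nameVer = if ($jar.BaseName -match '^struts2-core-(\d+(?:\.\d+)+)') { [version]$Matches[1] } else { $null }
        $manVer  = Get-JarManifestVersion -Path $jar.FullName
        # Prefer the manifest: a renamed file would otherwise pass the check.
        $effective = if ($manVer) { $manVer } else { $nameVer }
        [pscustomobject]@{
            File            = $jar.Name
            NameVersion     = $nameVer
            ManifestVersion = $manVer
            Patched         = [bool]($effective -and $effective -ge $Minimum)
        }
    }
    $ok = ($jars.Count -eq 1) -and (@($results | Where-Object { -not $_.Patched }).Count -eq 0)
    [pscustomobject]@{ Remediated = $ok; Jars = $results }
}

$report = Test-StrutsCore -Dir $LibDir -Minimum $Fixed
$report.Jars | Format-Table -AutoSize
if ($report.Remediated) { 'OK: a single struts2-core jar at or above the fixed version.' }
else { Write-Warning 'Not remediated: expected exactly one struts2-core jar at or above the fixed version.' }
```

If the old jar is kept as a backup, store it outside WEB-INF\lib so the check passes and the vulnerable classes cannot be loaded.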