CA SDM AMS uses Apache Struts version 2.5.30 in 17.3 RU23 and version 2.5.31 in 17.4 RU1.
These versions are vulnerable to a remote code execution (RCE) attack.
CA Service Desk Manager 17.2, 17.3 RU23 and 17.4 RU1
All Supported Windows Operating Systems
Long term remediation
The upgrade of Apache Struts to version 2.5.33 will be delivered in CA SDM 17.4 RU2.
Short term remediation
1. Download struts-2.5.33-min-lib.zip from the Apache website.
2. Extract the downloaded struts-2.5.33-min-lib ZIP file and copy struts2-core-2.5.33.jar from the extracted folder struts-2.5.33-min-lib\struts-2.5.33\lib.
3. Remove the existing struts2-core-2.5.31.jar and paste the updated struts2-core-2.5.33.jar into the following folder:
NX_ROOT\bopcfg\www\CATALINA_BASE\webapps\AMS\WEB-INF\lib
4. Restart the CA SDM Service from the Windows Services console.
As always, we recommend testing all changes in a non-PROD environment first.
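
The script below is an added example, not part of the vendor procedure: it carries out steps 2 and 3 with a checksum check on the downloaded archive, a backup of the old jar outside WEB-INF\lib, and a final check that only struts2-core-2.5.33.jar remains. It assumes PowerShell 5 or later, that NX_ROOT is available as an environment variable, and that the operator supplies the checksum published alongside the download; the parameter names and the backup location are illustrative.

```powershell
# Added example. Assumptions: NX_ROOT is set as an environment variable,
# and -ExpectedHash is the checksum published with the Apache download.
param(
    [Parameter(Mandatory)] [string] $ZipPath,       # struts-2.5.33-min-lib.zip
    [Parameter(Mandatory)] [string] $ExpectedHash,  # supplied by the operator
    [string] $Algorithm = 'SHA256',
    [string] $NxRoot    = $env:NX_ROOT,
    [string] $BackupDir = (Join-Path $env:TEMP 'ams-struts-backup')  # illustrative
)
$ErrorActionPreference = 'Stop'
$target = 'struts2-core-2.5.33.jar'

$lib = Join-Path $NxRoot 'bopcfg\www\CATALINA_BASE\webapps\AMS\WEB-INF\lib'
if (-not (Test-Path $lib)) { throw "AMS lib folder not found: $lib" }

# Refuse to continue if the archive does not match the published checksum.
$actual = (Get-FileHash -Path $ZipPath -Algorithm $Algorithm).Hash
if ($actual -ne $ExpectedHash.Trim()) { throw "$Algorithm mismatch for $ZipPath" }

# Step 2: extract into a scratch folder and locate the new core jar.
$work = Join-Path $env:TEMP ('struts-' + [guid]::NewGuid())
Expand-Archive -Path $ZipPath -DestinationPath $work
$newJar = Get-ChildItem -Path $work -Recurse -Filter $target | Select-Object -First 1
if (-not $newJar) { throw "$target not found in archive" }

# Step 3: move every other struts2-core jar out of WEB-INF\lib (an old .jar
# left in that folder stays on the classpath), then copy the new one in.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
Get-ChildItem -Path $lib -Filter 'struts2-core-*.jar' |
    Where-Object Name -ne $target |
    Move-Item -Destination $BackupDir -Force
Copy-Item -Path $newJar.FullName -Destination $lib -Force

# Verify: exactly one struts2-core jar must remain, and it must be 2.5.33.
$remaining = @(Get-ChildItem -Path $lib -Filter 'struts2-core-*.jar')
if ($remaining.Count -ne 1 -or $remaining[0].Name -ne $target) {
    throw "Unexpected jars in ${lib}: $($remaining.Name -join ', ')"
}
"OK: $target in place, old jar(s) saved to $BackupDir. Continue with step 4."
```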