SiteMinder and Struts CVE-2023-50164


Article ID: 277331






This article discusses CVE-2023-50164, which affects Apache Struts as described in the articles below, and its impact on SiteMinder products.


Release: Applicable to all supported SiteMinder releases.
Component: CA SiteMinder (CA Single Sign-On).


We are confirming that the SiteMinder suite is NOT impacted by the vulnerability CVE-2023-50164, as struts.jar is not used in any of the SiteMinder components.

- Starting with the 12.8 SP3 release, the Struts jar files have been removed from SiteMinder, except in the AdminUI component under the following path.

Location: <Install_home>/adminui/standalone/deployments/iam_siteminder.ear/management_console.war/WEB-INF/lib/struts2-core-2.5.17.jar

- If the Struts jar exists, stop the AdminUI service, remove the jar file, and then start the AdminUI service again.

Location: the "struts2-core-xxx.jar" file in the <Install_home>/adminui/standalone/deployments/iam_siteminder.ear/management_console.war/WEB-INF/lib folder.

- Again, make sure to stop the AdminUI service before removing the above-mentioned jar.

Customers can just "remove" the "struts2-core-2.5.17.jar" or any version of "struts2-core-xxx.jar" from the Admin UI location.

Please note that we are NOT suggesting that customers upgrade it to the latest non-vulnerable release; again, we are suggesting that customers "remove" it from the AdminUI location.

There will be NO limitations in the AdminUI console even after removing this struts2-core-xxx.jar from the Admin UI location.

Removal of any version of struts2-core-xxx.jar file from the Admin UI location does not have any functional impact on AdminUI.

As always, we highly recommend that customers back up the "struts2-core-2.5.17.jar" (struts2-core-xxx.jar) file before removing it. Please test this change in a lower TEST environment first, covering all possible use cases at your end, before making the same change in your higher environments.
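
The backup-and-remove steps above as a shell function. This is an example added here, not code from the vendor. It assumes a Linux/UNIX AdminUI host, that the AdminUI service has already been stopped, and a backup directory chosen by the operator outside the deployment tree.

```shell
#!/bin/sh
# Added example: back up, verify and remove struts2-core-*.jar from the AdminUI
# lib folder named in the article. Stop the AdminUI service before calling it
# and start it again afterwards (service commands are site-specific).

# Relative path below <Install_home>, as given in the article.
ADMINUI_LIB_REL="adminui/standalone/deployments/iam_siteminder.ear/management_console.war/WEB-INF/lib"

# remove_struts_jars INSTALL_HOME BACKUP_DIR
# Returns 0 on success (including "nothing to remove"), 1 on a failed
# backup or delete, 2 on a bad argument.
remove_struts_jars() {
    lib="$1/$ADMINUI_LIB_REL"; backup_dir="$2"; removed=0
    [ -d "$lib" ] || { echo "lib folder not found: $lib" >&2; return 2; }
    # A backup left inside WEB-INF/lib would still sit in the deployment.
    case "$backup_dir" in
        "$lib"|"$lib"/*) echo "backup dir must be outside $lib" >&2; return 2 ;;
    esac
    mkdir -p "$backup_dir" || return 1
    for jar in "$lib"/struts2-core-*.jar; do
        [ -f "$jar" ] || continue            # glob matched nothing
        copy="$backup_dir/$(basename "$jar")"
        # Delete the original only after the copy compares byte for byte.
        cp -p "$jar" "$copy" && cmp -s "$jar" "$copy" || {
            echo "backup failed, left in place: $jar" >&2; return 1; }
        rm -f "$jar" || return 1
        echo "removed $jar (backup kept at $copy)"
        removed=$((removed + 1))
    done
    echo "$removed jar(s) removed"
}

# Stand-alone use: sh script.sh <Install_home> <backup_dir>
if [ "$#" -eq 2 ]; then
    remove_struts_jars "$1" "$2"
fi
```

A second run against the same install home reports "0 jar(s) removed", which doubles as a check that no struts2-core jar remains in the folder.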