Details of the Struts versions visible during scan.
search cancel

Details of the Struts versions visible during scan.

book

Article ID: 315868

calendar_today

Updated On:

Products

VMware Smart Assurance

Issue/Introduction

APG Struts vulnerability reported by scanner.  

An outdated version of struts was found at <APG_BASE>/Web-Servers/Tomcat/Default/webapps/mib-browser/WEB-INF/lib/

Per NVD_CVE-2020-17530 vulnerability is fixed in version : 2.5.x.

To check for critical vulnerabilities for all VMware products use the following link: VMware Security Advisories

Environment

Watch4net / MnR - 7.x

Resolution

MnR 7.4.1.1 has struts2-core-2.5.30.jar installed.
MnR 7.3.0.5 has struts2-core-2.5.26.jar file installed.
MnR 7.2.0.1 has struts2-core-2.5.26.jar file installed.
MnR 6.8.u5 has the struts2-core-2.3.34.jar  installed.

To resolve the issue, it is recommended to upgrade Watch4net/MnR to latest available version as of now i.e MnR 7.7.


Additional Information

MnR MIB-Browser module has been deprecated in 7.x and removed in 7.2.0.1. 


Powered by Wolken Software