A vulnerability scan detected the following vulnerability on a CA Asset Portfolio Management/IT Asset Manager server:
Apache Struts: CVE-2024-53677
Path: CA\SharedComponents\AMS\Tomcat\webapps\AMS\WEB-INF\lib\struts2-core-2.5.33.jar
Installed version : 2.5.33
Fixed version: Upgrade to a version greater than 2.5.33
CA IT Asset Portfolio Management/IT Asset Manager 17.4.x
All Supported Windows Operating Systems
The ITAM Engineering team has reviewed the reported ITAM Struts vulnerability.
It has been confirmed that ITAM does not use the FileUploadInterceptor class in AMS.
According to Apache, applications not using FileUploadInterceptor are safe.
There are plans to upgrade Apache Struts in both ITAM and SDM to a minimum of version 6.4.0 (or the latest available) in future releases.
As of March 2025, there is no ETA as to which future release will contain the upgraded Apache Struts component.
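One way to check a Struts configuration for references to FileUploadInterceptor, the condition the review above relies on (added example, not the vendor's code or tooling). The XML samples are constructed, `audit` is a hypothetical helper name, and interceptor names are treated as global rather than package-scoped.

```python
import xml.etree.ElementTree as ET

TARGET = "org.apache.struts2.interceptor.FileUploadInterceptor"

def audit(xml_docs):
    """xml_docs: {label: struts XML text}. Returns (hits, unresolved names)."""
    upload, defined, stacks, uses = set(), set(), {}, []
    for label, text in xml_docs.items():
        root = ET.fromstring(text)
        for el in root.iter("interceptor"):
            defined.add(el.get("name"))
            if el.get("class") == TARGET:
                upload.add(el.get("name"))
        for st in root.iter("interceptor-stack"):
            stacks[st.get("name")] = [r.get("name") for r in st.findall("interceptor-ref")]
        for pkg in root.iter("package"):
            d = pkg.find("default-interceptor-ref")
            if d is not None:
                uses.append((label, "package " + pkg.get("name"), d.get("name")))
            for act in pkg.findall("action"):
                for r in act.findall("interceptor-ref"):
                    uses.append((label, "action " + act.get("name"), r.get("name")))
    unresolved = set()
    def reaches(name, seen=()):
        if name in upload:
            return True
        if name in stacks:  # follow nested stacks, guarding against cycles
            return name not in seen and any(reaches(n, seen + (name,)) for n in stacks[name])
        if name not in defined:
            unresolved.add(name)  # defined in a config file that was not supplied
        return False
    hits = [(label, where, ref) for label, where, ref in uses if reaches(ref)]
    return hits, sorted(unresolved)

# Constructed sample input (not the product's real configuration).
APP_XML = """<struts><package name="ams" extends="struts-default">
  <interceptors><interceptor-stack name="appStack">
    <interceptor-ref name="defaultStack"/></interceptor-stack></interceptors>
  <default-interceptor-ref name="appStack"/>
</package></struts>"""
# Constructed stand-in for a parent config that defines the inherited stack.
BASE_XML = """<struts><package name="struts-default" abstract="true"><interceptors>
  <interceptor name="params" class="example.ParamsInterceptor"/>
  <interceptor name="fileUpload" class="%s"/>
  <interceptor-stack name="defaultStack">
    <interceptor-ref name="params"/><interceptor-ref name="fileUpload"/>
  </interceptor-stack></interceptors></package></struts>""" % TARGET
if __name__ == "__main__":
    print(audit({"app": APP_XML}), audit({"app": APP_XML, "base": BASE_XML}))
```

A name reported as unresolved is defined in a config file that was not supplied, typically struts-default.xml inside the struts2-core jar, so the result is incomplete until that file is included.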