AMS Apache Struts Vulnerability: CVE-2024-53677

Article ID: 388531

Updated On: 03-17-2025

Products

CA IT Asset Manager Asset Portfolio Management

Issue/Introduction

A vulnerability scan detected the following vulnerability on a CA Asset Portfolio Management/IT Asset Manager server:

Apache Struts: CVE-2024-53677

Path: CA\SharedComponents\AMS\Tomcat\webapps\AMS\WEB-INF\lib\struts2-core-2.5.33.jar
Installed version : 2.5.33
Fixed version: Upgrade to a version greater than 2.5.33

Environment

CA IT Asset Portfolio Management/IT Asset Manager 17.4.x

All Supported Windows Operating Systems

Resolution

The ITAM Engineering team has reviewed the reported ITAM Struts vulnerability.

It has been confirmed that ITAM does not use the FileUploadInterceptor class in AMS.

According to Apache, applications not using FileUploadInterceptor are safe.

Additional Information

There are plans to upgrade Apache Struts in both ITAM and SDM to a minimum of version 6.4.0 (or the latest available) in future releases.

As of March 2025, there is no ETA as to which future release will contain the upgraded Apache Struts component.