SDM CVE-2024-53677 Apache Struts vulnerability

Article ID: 393397


Products

CA Service Management - Service Desk Manager

CA Service Desk Manager

Issue/Introduction

A vulnerability scan detected the following vulnerability on Service Desk Manager:

CVE-2024-53677 Apache Struts Remote Code Execution 

Path              : NX_ROOT\bopcfg\www\CATALINA_BASE\webapps\AMS\WEB-INF\lib\struts2-core-2.5.33.jar

Installed version : 2.5.33 

Fixed version     : Upgrade to a version greater than 2.5.33

Environment

Service Desk Manager 17.4 RU2, RU3 and RU4

Apache Struts 2.5.33

Resolution

According to CVE-2024-53677, the vulnerability applies only when "FileUploadInterceptor" is used.

The Engineering team has analyzed this vulnerability and confirms that Service Desk Manager does not use "FileUploadInterceptor"; hence, our application is not vulnerable to CVE-2024-53677.
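
One way to check the condition above against a web application's Struts configuration, as an added example that is not Broadcom's or the Struts project's code: it parses one struts.xml and lists the places where FileUploadInterceptor is reachable. The sample XML is constructed, the function name and the list of stock stack names are assumptions (the list is not exhaustive), and package inheritance is resolved only for a direct extends="struts-default".

```python
import xml.etree.ElementTree as ET

UPLOAD_CLASS = "org.apache.struts2.interceptor.FileUploadInterceptor"
# Assumption: stock struts-default.xml names that reach it (not exhaustive).
STOCK_NAMES = {"fileUpload", "fileUploadStack", "defaultStack"}

def audit_struts_config(xml_text):
    """List where FileUploadInterceptor is reachable in one struts.xml."""
    findings = []
    for pkg in ET.fromstring(xml_text).iter("package"):
        pname, names = pkg.get("name", "?"), set(STOCK_NAMES)
        # Custom names bound directly to the interceptor class.
        for icpt in pkg.iter("interceptor"):
            if icpt.get("class") == UPLOAD_CLASS:
                names.add(icpt.get("name"))
                findings.append(f"{pname}: '{icpt.get('name')}' is {UPLOAD_CLASS}")
        # Local stacks that pull in any of those names (single pass, in file order).
        for stack in pkg.iter("interceptor-stack"):
            if any(r.get("name") in names for r in stack.iter("interceptor-ref")):
                names.add(stack.get("name"))
        # An action without its own refs inherits the package default.
        default = pkg.find("default-interceptor-ref")
        if default is not None:
            inherited = default.get("name")
        elif "struts-default" in pkg.get("extends", ""):
            inherited = "defaultStack"
        else:
            inherited = None  # parent package not resolved here
        for action in pkg.iter("action"):
            refs = [r.get("name") for r in action.findall("interceptor-ref")]
            for ref in refs or [inherited]:
                if ref in names:
                    findings.append(f"{pname}/{action.get('name')}: uses {ref}")
    return findings

# Constructed sample configuration (not taken from Service Desk Manager).
SAMPLE = """<struts>
  <package name="catalog" extends="struts-default">
    <action name="view"><interceptor-ref name="basicStack"/></action>
    <action name="attach"/>
  </package>
  <package name="api" extends="struts-default">
    <interceptors><interceptor name="upl" class="org.apache.struts2.interceptor.FileUploadInterceptor"/></interceptors>
    <action name="put"><interceptor-ref name="upl"/></action>
  </package>
</struts>"""

if __name__ == "__main__":
    print("\n".join(audit_struts_config(SAMPLE)))
```

An empty result across all of a web application's Struts configuration files is consistent with the interceptor not being in use; any finding names the package and action to review.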

Additional Information