The CVE-2017-5638 vulnerability was recently detected for the Apache Struts library: https://cwiki.apache.org/confluence/display/WW/S2-045 . Does this vulnerability affect any version of APM?
The CVE-2017-5638 vulnerability report describes two Struts 2 framework classes which allow for the vulnerability (specifically the FileUploadInterceptor.java and LocalizedTextUtil.java classes).
APM currently makes use of the Struts 1.1, Struts 1.2.7 and Struts-menu2.3 frameworks, which do not make use the affected classes. The Struts-menu 2.3 library(though v2.3) is an independent library and the classes affected are not available in any Struts 1.x framework. Therefore APM is not affected by this vulnerability.
As always, please contact CA Support if you have any further questions.