From the Red Hat CVE Database entry on CVE-2018-11776:<br><br> "Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from<br> possible Remote Code Execution when using results with no namespace<br> and in same time, its upper action(s) have no or wildcard<br> namespace. Same possibility when using url tag which doesn't have<br> value and action set and in same time, its upper action(s) have no<br> or wildcard namespace."<br> <br> <br> Is CA Single Sign-On product vulnerable to CVE-2018-11776?
Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP<br> Component: <br>
CA Single Sign-On is not vulnerable to CVE-2018-11776, as CA Single<br>Sign-On includes struts 1.x version<br><br><br>
Red Hat CVE database: https://access.redhat.com/security/cve/cve-2018-11776