Addressing CVE-2018-11776 for CA Single Sign-On


Article ID: 112410


Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

From the Red Hat CVE Database entry on CVE-2018-11776:

  "Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from
  possible Remote Code Execution when using results with no namespace
  and in same time, its upper action(s) have no or wildcard
  namespace. Same possibility when using url tag which doesn't have
  value and action set and in same time, its upper action(s) have no
  or wildcard namespace."
 

Is the CA Single Sign-On product vulnerable to CVE-2018-11776?

Environment

Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP
Component:

Resolution

CA Single Sign-On is not vulnerable to CVE-2018-11776 because it
includes Apache Struts 1.x, which is outside the affected 2.3 to 2.3.34
and 2.5 to 2.5.16 version ranges.
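
To confirm which Struts line an installation actually bundles, the Struts jar file names can be compared against the version ranges quoted above. This is an added example, not code from CA or from this article; the jar naming patterns it matches and the verdict labels are assumptions.

```python
import re
import sys
import zipfile
from pathlib import Path, PurePosixPath

# Affected ranges as quoted on this page: 2.3 to 2.3.34 and 2.5 to 2.5.16.
AFFECTED = (((2, 3, 0), (2, 3, 34)), ((2, 5, 0), (2, 5, 16)))

# Assumed naming: struts2-core-<ver>.jar, struts-core-<ver>.jar, struts-<ver>.jar.
# An unversioned struts.jar is not matched and needs a manual manifest check.
JAR_RE = re.compile(r"^struts2?(?:-core)?-(\d+(?:\.\d+){1,3})\.jar$", re.IGNORECASE)

def classify(version):
    """Return a verdict label (labels are this example's own) for a version string."""
    nums = [int(p) for p in version.split(".")][:3]   # 2.3.14.1 compares as 2.3.14
    v = tuple(nums + [0] * (3 - len(nums)))           # 2.3 compares as 2.3.0
    if v[0] == 1:
        return "struts-1.x"
    if any(lo <= v <= hi for lo, hi in AFFECTED):
        return "affected"
    return "outside-listed-ranges"

def jar_names(root):
    """Yield (location, jar name) for loose jars and jars packed in WAR/EAR files."""
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        suffix = path.suffix.lower()
        if suffix == ".jar":
            yield str(path), path.name
        elif suffix in (".war", ".ear") and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as archive:
                for member in archive.namelist():
                    if member.lower().endswith(".jar"):
                        yield f"{path}!{member}", PurePosixPath(member).name

def scan(root):
    """Return [(location, version, verdict)] for every Struts core jar under root."""
    findings = []
    for location, name in jar_names(root):
        match = JAR_RE.match(name)
        if match:
            findings.append((location, match.group(1), classify(match.group(1))))
    return findings

if __name__ == "__main__":
    for location, version, verdict in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict:22} {version:10} {location}")
```

Run it with the installation directory as the only argument; jars nested more than one archive level deep are not inspected.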


 

Additional Information

Red Hat CVE database: https://access.redhat.com/security/cve/cve-2018-11776