Hi Team,
I was reached out by our Security team stating that there was a struts Vulnerability and the applications needed to be upgraded.
The US-CERT page says:
The Apache Software Foundation has released an advisory to address a vulnerable commons-fileupload library used in Apache Struts versions 2.3.36 and prior. A remote attacker could exploit this vulnerability to take control of an affected system. Struts versions from 2.5.12 are not affected.
NCCIC encourages users and administrators of Apache Struts versions 2.3.36 and prior to review the Apache security advisory for CVE-2016-1000031 and upgrade to the latest released version of Commons FileUpload library, which is currently 1.3.3.
More details of CVE below.
http://mail-archives.us.apache.org/mod_mbox/www-announce/201811.mbox/%3CCAMopvkMo8WiP%3DfqVQuZ1Fyx%3D6CGz0Epzfe0gG5XAqP1wdJCoBQ%40mail.gmail.com%3E
I would like to know the Struts version of the Spectrum and which version of Spectrum is vulnerable and what version of the Spectrum will have a fix for this?
Same way would like to know the Struts version of CA-UIM and which versions of CA-UIM is Vulnerable and what version will have the fix for this?
Hope so CA SOI is not affected with this.
Expecting inputs and some valuable information.
Thank You!
Saju Mathew