Symantec Access Management

Tech Tip : CA Single Sign-On : Addressing CVE-2018-11776 for CA Single Sign-On

    Broadcom Employee
    Posted 08-29-2018 09:37 AM

    Introduction:

     

    From the Red Hat CVE Database entry on CVE-2018-11776:

    "Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from
    possible Remote Code Execution when using results with no namespace
    and in same time, its upper action(s) have no or wildcard
    namespace. Same possibility when using url tag which doesn't have
    value and action set and in same time, its upper action(s) have no
    or wildcard namespace."

     

    Question:

     

    Is CA Single Sign-On product vulnerable to CVE-2018-11776?

     

    Answer:

     

    CA Single Sign-On is not vulnerable to CVE-2018-11776, as CA Single
    Sign-On includes a Struts 1.x version.

    Additional Information:

    Red Hat CVE database: https://access.redhat.com/security/cve/cve-2018-11776

     

    KB : KB000112410
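A check of the kind the answer above relies on, as an added example that is not part of the original post or of the product: it classifies Struts core jars in a file inventory against the version ranges quoted from the Red Hat entry. The jar naming pattern, the function names and the sample paths are assumptions made for this illustration.

```python
import re

# Affected ranges as quoted on this page: 2.3 to 2.3.34 and 2.5 to 2.5.16.
AFFECTED_RANGES = [((2, 3, 0), (2, 3, 34)), ((2, 5, 0), (2, 5, 16))]

# Assumption: the core jar keeps its upstream name, struts2-core-<version>.jar
# (Struts 2) or struts-core-<version>.jar (Struts 1.3.x).
JAR_RE = re.compile(r"(?:^|/)struts2?-core-(\d+(?:\.\d+)*)[^/]*\.jar$")


def struts_version(path):
    """Return the Struts version tuple encoded in a jar path, or None."""
    match = JAR_RE.search(path.replace("\\", "/"))
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def classify(path):
    """Classify one jar path against the CVE-2018-11776 version ranges."""
    version = struts_version(path)
    if version is None:
        return "not-struts-core"
    if version[0] == 1:
        return "struts-1.x"
    # Pad to three components so that "2.5" compares as 2.5.0.
    v = (version + (0, 0))[:3]
    if any(low <= v <= high for low, high in AFFECTED_RANGES):
        return "in-cve-range"
    return "outside-cve-range"


def scan(paths):
    """Map every Struts core jar in an inventory to its classification."""
    results = {p: classify(p) for p in paths}
    return {p: c for p, c in results.items() if c != "not-struts-core"}


# Constructed inventory for illustration; not paths from any real product.
SAMPLE = [
    "app1/WEB-INF/lib/struts-core-1.3.10.jar",
    "app2/WEB-INF/lib/struts2-core-2.3.34.jar",
    "app3\\WEB-INF\\lib\\struts2-core-2.5.17.jar",
    "app3/WEB-INF/lib/commons-lang-2.6.jar",
]

if __name__ == "__main__":
    for path, verdict in scan(SAMPLE).items():
        print(f"{verdict:18} {path}")
```

A verdict of `outside-cve-range` or `struts-1.x` speaks only to the ranges quoted for CVE-2018-11776, not to other Struts advisories.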