From the Red Hat CVE Database entry on CVE-2018-11776:
"Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer frompossible Remote Code Execution when using results with no namespaceand in same time, its upper action(s) have no or wildcardnamespace. Same possibility when using url tag which doesn't havevalue and action set and in same time, its upper action(s) have noor wildcard namespace."
Is CA Single Sign-On product vulnerable to CVE-2018-11776?
CA Single Sign-On is not vulnerable to CVE-2018-11776. As CA Single
Sign-On includes struts 1.x version Additional Information:
Red Hat CVE database: https://access.redhat.com/security/cve/cve-2018-11776
KB : KB000112410