On Monday, March 6, 2017 a remote code execution vulnerability in Apache Struts 2 was disclosed, CVE-2017-5638. The exploit allows a remote attacker to inject commands into a web application using the "Content-Type" header.
The National Vulnerability Database gives this vulnerability a CRITICAL (9.8) risk rating using the Common Vulnerability Scoring System (CVSS).
Please be advised that CA Workload Control Center and CA Workload Automation iDash are not affected.
CA Workload Automation Team