Can anyone confirm that the CEM Internet Gateways are not susceptible to the remote code exectution vulnerability reported in CVE-2018-11776?
Can it be confirmed if Apache Struts are used or not on the CEM Gateways?
thanks
We have a Cloud-Enabled Management Internet Gateway (released with version 8.1) running in our environment. I can confirm that only the Apache Web Server (httpd) and NOT the totally-separate Apache Struts application server. As such, it is not vulnerable to the CVE which you mentioned.
Also, the Internet Gateway in version 8.5 removes Apache httpd, so you will have even less to worry about.