Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Does ServiceNow use Apache Struts.

Go to solution
Canjura
Tera Expert

‎12-14-2023 12:22 PM

Hi, 

 

We have a notification about a vulnerability on Apache Struts

Summary:
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that, when exploited, allows an attacker to execute arbitrary code.

 

Affected Product:

Apache Struts Major Version
6.0.0 through 6.3.0.1

Apache Software Foundation Struts
2.0.0 through 2.5.32

 

Solution:
Upgrade to Struts 2.5.33, 6.3.0.2 or greater. 

 

- Does ServiceNow uses Struts (if not, is there any document that confirms that)?
- Is ServiceNow aware of any exploits related to this vulnerability and what is the impact of those exploits?

- Does your organization plan to upgrade to versions 2.5.33, 6.3.0.2? If so, when?

Thanks

0 Helpfuls
  • 716 Views
1 ACCEPTED SOLUTION
1 REPLY 1