Built something you're proud of? Tell the story. A quick G2 review of App Engine or Build Agent helps other developers see what's possible on ServiceNow. Share your experience.

Does ServiceNow use Apache Struts.

Go to solution
Canjura
Tera Expert

‎12-14-2023 12:22 PM

Hi, 

 

We have a notification about a vulnerability on Apache Struts

Summary:
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that, when exploited, allows an attacker to execute arbitrary code.

 

Affected Product:

Apache Struts Major Version
6.0.0 through 6.3.0.1

Apache Software Foundation Struts
2.0.0 through 2.5.32

 

Solution:
Upgrade to Struts 2.5.33, 6.3.0.2 or greater. 

 

- Does ServiceNow uses Struts (if not, is there any document that confirms that)?
- Is ServiceNow aware of any exploits related to this vulnerability and what is the impact of those exploits?

- Does your organization plan to upgrade to versions 2.5.33, 6.3.0.2? If so, when?

Thanks

0 Helpfuls
  • 967 Views
1 ACCEPTED SOLUTION
1 REPLY 1