We're reclaiming inactive PDIs to keep them available for active builders. Learn what's changing, who's affected, and how to protect your work. Read More

Does ServiceNow use Apache Struts.

Canjura
Tera Expert

Hi, 

 

We have a notification about a vulnerability on Apache Struts

Summary:
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that, when exploited, allows an attacker to execute arbitrary code.

 

Affected Product:

Apache Struts Major Version
6.0.0 through 6.3.0.1

Apache Software Foundation Struts
2.0.0 through 2.5.32

 

Solution:
Upgrade to Struts 2.5.33, 6.3.0.2 or greater. 

 

- Does ServiceNow uses Struts (if not, is there any document that confirms that)?
- Is ServiceNow
 aware of any exploits related to this vulnerability and what is the impact of those exploits?

- Does your organization plan to upgrade to versions 2.5.33, 6.3.0.2? If so, when?

Thanks

1 ACCEPTED SOLUTION
1 REPLY 1