- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-14-2023 12:22 PM
Hi,
We have a notification about a vulnerability on Apache Struts
Summary:
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that, when exploited, allows an attacker to execute arbitrary code.
Affected Product:
Apache Struts Major Version
6.0.0 through 6.3.0.1
Apache Software Foundation Struts
2.0.0 through 2.5.32
Solution:
Upgrade to Struts 2.5.33, 6.3.0.2 or greater.
- Does ServiceNow uses Struts (if not, is there any document that confirms that)?
- Is ServiceNow aware of any exploits related to this vulnerability and what is the impact of those exploits?
- Does your organization plan to upgrade to versions 2.5.33, 6.3.0.2? If so, when?
Thanks
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-14-2023 12:55 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-14-2023 12:55 PM
Actually, we found this.
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0870765