Does ServiceNow use Apache Struts.

Canjura
Tera Expert

Hi, 

 

We have a notification about a vulnerability on Apache Struts

Summary:
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that, when exploited, allows an attacker to execute arbitrary code.

 

Affected Product:

Apache Struts Major Version
6.0.0 through 6.3.0.1

Apache Software Foundation Struts
2.0.0 through 2.5.32

 

Solution:
Upgrade to Struts 2.5.33, 6.3.0.2 or greater. 

 

- Does ServiceNow uses Struts (if not, is there any document that confirms that)?
- Is ServiceNow
 aware of any exploits related to this vulnerability and what is the impact of those exploits?

- Does your organization plan to upgrade to versions 2.5.33, 6.3.0.2? If so, when?

Thanks

1 ACCEPTED SOLUTION
1 REPLY 1