Does ServiceNow use Apache Struts.

Canjura · ‎12-14-2023

Hi,

We have a notification about a vulnerability on Apache Struts

Summary:
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that, when exploited, allows an attacker to execute arbitrary code.

Affected Product:

Apache Struts Major Version
6.0.0 through 6.3.0.1

Apache Software Foundation Struts
2.0.0 through 2.5.32

Solution:
Upgrade to Struts 2.5.33, 6.3.0.2 or greater.

- Does ServiceNow uses Struts (if not, is there any document that confirms that)?
- Is ServiceNow aware of any exploits related to this vulnerability and what is the impact of those exploits?

- Does your organization plan to upgrade to versions 2.5.33, 6.3.0.2? If so, when?

Thanks

Canjura · ‎12-14-2023

Actually, we found this.

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0870765

View solution in original post

Canjura · ‎12-14-2023

Actually, we found this.

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0870765