BSA/TSSA/BDSSA: Is BSA/TSSA/BDSSA affected by CVE-2017-9791 (Apache Struts Remote Code Execution Vulnerability)?

Version 1

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    BladeLogic Server Automation Suite


    COMPONENT:

    TrueSight Server Automation


    APPLIES TO:

    All BDSSA versions & BSA/TSSA versions



    QUESTION:

    Is BSA/TSSA/BDSSA affected by CVE-2017-9791 (Apache Struts Remote Code Execution Vulnerability)?
     


    ANSWER:

    The vulnerability (CVE-2017-9791) affects only the Apache Struts 2 library, and BSA and BDSSA do not use that library.

    Thus BSA and BDSSA are not affected by the vulnerability.


    SEVERITY:
    CVSSv3: 9.8, CVSSv2: 7.5

    DESCRIPTION:
    The Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.

    ANALYSIS:
    The vulnerability affects the Apache Struts 2 library. BSA and BDSSA do not use the library and so are not affected.
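
To confirm the "does not use the library" statement on a particular host, the installation tree can be searched for Struts 2 jars, including ones packed inside WAR/EAR files. The following is an added example, not BMC code; it assumes the jars keep the upstream Apache Struts file names, and the function names and the root directory passed in are hypothetical.

```python
import io
import re
import zipfile
from pathlib import Path

# Assumption: jars keep the upstream Apache Struts 2 file names,
# e.g. struts2-core-2.3.32.jar or struts2-struts1-plugin-2.3.32.jar.
STRUTS2_JAR = re.compile(r"(?:^|/)(struts2-(?:core|struts1-plugin))-(\d+(?:\.\d+)*)\.jar$")
ARCHIVE_EXT = (".jar", ".war", ".ear")


def _classify(name, where):
    """Return a finding dict if `name` is a Struts 2 jar, else None."""
    m = STRUTS2_JAR.search(name.replace("\\", "/"))
    if not m:
        return None
    artifact, version = m.groups()
    # The advisory text names the Struts 1 plugin in Apache Struts 2.3.x.
    candidate = artifact == "struts2-struts1-plugin" and version.startswith("2.3.")
    return {"path": where, "artifact": artifact, "version": version,
            "cve_2017_9791_candidate": candidate}


def _scan_archive(source, where, depth, hits):
    """Walk a jar/war/ear (path or file object), descending into nested archives."""
    try:
        with zipfile.ZipFile(source) as zf:
            for info in zf.infolist():
                inner = f"{where}!/{info.filename}"
                hit = _classify(info.filename, inner)
                if hit:
                    hits.append(hit)
                if depth > 0 and info.filename.lower().endswith(ARCHIVE_EXT):
                    _scan_archive(io.BytesIO(zf.read(info)), inner, depth - 1, hits)
    except (zipfile.BadZipFile, OSError):
        pass  # not a readable archive; skip it


def find_struts2(root, depth=2):
    """List Struts 2 jars under `root`, including ones packed inside other archives."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.name.lower().endswith(ARCHIVE_EXT):
            hit = _classify(path.name, str(path))
            if hit:
                hits.append(hit)
            _scan_archive(path, str(path), depth, hits)
    return hits
```

An empty result from `find_struts2` is consistent with the statement above; the check is file-name based, so a renamed or repackaged jar would not be reported.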


    Article Number:

    000139608


    Article Type:

    FAQ/Procedural


