This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.
BladeLogic Server Automation Suite
TrueSight Server Automation
All BDSSA versions & BSA/TSSA versions
Is BSA/TSSA/BDSSA affected by CVE-2017-9791 (Apache Struts Remote Code Execution Vulnerability)?
The vulnerability (CVE-2017-9791) affects only Apache Struts2 library and BSA & BDSSA do not use the library.
Thus BSA and BDSSA are not affected by the vulnerability.
CVSSv3: 9.8, CVSSv2: 7.5
The Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
The vulnerability affects Apache Struts2 library. BSA and BDSSA do not use the library and so are not affected.