This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
NetWitness Platform Product Advisories
Read and subscribe to the latest announcements and advisories relating to the NetWitness Platform.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- NetWitness Community
- Products
- NetWitness Platform
- Advisories
- Product Advisories
- Apache Struts 2 Remote Code Execution Vulnerability (CVE-2018-11776): Impact on RSA products
-
Options
- Subscribe to RSS Feed
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Apache Struts 2 Remote Code Execution Vulnerability (CVE-2018-11776): Impact on RSA products
Apache Struts 2 Remote Code Execution Vulnerability (CVE-2018-11776): Impact on RSA products
Article Number
000036658
CVE ID
000036658
Article Summary
On August 22, 2018, Apache Software Foundation disclosed a vulnerability in Apache Struts 2 that could allow an attacker to execute arbitrary commands remotely on affected systems. For more information on this vulnerability, please review the Apache security advisory (S2-057).
Link to Advisories
Resolution
RSA is aware of and investigating the impact of this vulnerability on our products. The following table contains the latest available impact information. The table will be updated as additional information becomes available.
| RSA Product Name | Versions | Impact Status | Details | Last Updated |
|---|---|---|---|---|
| RSA 3D Secure/Adaptive Authentication eCommerce | All Supported | Not Impacted | Product does not use Apache Struts. | 2018-08-24 |
| RSA Access Manager | 6.2, 6.2.1, 6.2.2, 6.2.3, 6.2.4 | Not Impacted | Product uses Apache Struts but not impacted by this issue. | 2018-08-30 |
| RSA Adaptive Authentication Cloud | All Supported | Not Impacted | 2018-08-24 | |
| RSA Adaptive Authentication Hosted | All Supported | Not Impacted | Product does not use Apache Struts. | 2018-08-28 |
| RSA Adaptive Authentication On-Prem | 7.x | Not Impacted | Product does not use impacted version of Apache Struts. | 2018-08-28 |
| RSA Archer Hosted | N/A | Not Impacted | 2018-08-24 | |
| RSA Archer Platform | All Supported | Not Impacted | Product does not use Apache Struts. | 2018-08-24 |
| RSA Archer Security Operations Management (SecOps) | All Supported | Not Impacted | Product does not use Apache Struts. | 2018-08-24 |
| RSA Archer Vulnerability & Risk Manager (VRM) | All Supported | Not Impacted | Product does not use Apache Struts. | 2018-08-24 |
| RSA Authentication Client (RAC) | All Supported | Investigating | 2018-08-24 | |
| RSA Authentication Manager | All Supported | Not Impacted | 2018-08-24 | |
| RSA Authentication Manager Web Tier | All Supported | Not Impacted | 2018-08-27 | |
| RSA BSAFE C Products: MES, Crypto-C ME, SSL-C | All Supported | Not Impacted | Product does not use Apache Struts. | 2018-08-24 |
| RSA BSAFE Java Products: Cert-J, Crypto-J, SSL-J | All Supported | Not Impacted | Product does not use Apache Struts. | 2018-08-24 |
| RSA Central | All Supported | Not Impacted | Product does not use Apache Struts. | 2018-10-25 |
| RSA Data Loss Prevention | All Supported | Not Impacted | Product does not use Apache Struts. | 2018-08-24 |
| RSA Data Protection Manager | All Supported | Not Impacted | 2018-08-31 | |
| RSA DCS: RSA Certificate Manager | All Supported | Not Impacted | Product does not use Apache Struts. | 2018-08-24 |
| RSA DCS: RSA Validation Manager | All Supported | Not Impacted | Product does not use impacted version of Apache Struts. | 2018-08-27 |
| RSA eFraudNetwork (eFN) | All Supported | Not Impacted | 2018-08-24 | |
| RSA Federated Identity Manager | All Supported | Not Impacted | Product does not use impacted version of Apache Struts. | 2018-08-27 |
| RSA FraudAction (OTMS) | All Supported | Not Impacted | 2018-08-24 | |
| RSA Identity Governance and Lifecycle Software (RSA Via Lifecycle and Governance Software, RSA Identity Management & Governance Software) | All Supported | Not Impacted | Product does not use Apache Struts. | 2018-08-24 |
| RSA Identity Governance and Lifecycle Appliance (RSA Via Lifecycle and Governance Appliance, RSA Identity Management & Governance Appliance) | All Supported | Not Impacted | Product does not use Apache Struts. | 2018-08-24 |
| RSA Identity Governance and Lifecycle SaaS / MyAccessLive (RSA Via Lifecycle and Governance SaaS / MyAccessLive) | All Supported | Not Impacted | Product does not use Apache Struts. | 2018-08-24 |
| RSA Identity Governance and Lifecycle Virtual Application | All Supported | Not Impacted | Product does not use Apache Struts. | 2018-08-29 |
| RSA NetWitness Endpoint (ECAT) | All Supported | Not Impacted | Product does not use Apache Struts. | 2018-08-24 |
| RSA NetWitness Logs & Packets / Security Analytics (Hardware and Virtual Appliances) | All Supported | Not Impacted | Product does not use Apache Struts. | 2018-08-24 |
| RSA NetWitness Live Infrastructure | All Supported | Not Impacted | Product does not use Apache Struts. | 2018-08-24 |
| RSA SecurID Access Cloud Service | All Supported | Not Impacted | 2018-08-24 | |
| RSA SecurID Access IDR VM | All Supported | Not Impacted | 2018-08-24 | |
| RSA SecurID Agent for PAM | All Supported | Not Impacted | 2018-08-24 | |
| RSA SecurID Agent for Web | All Supported | Not Impacted | 2018-08-24 | |
| RSA SecurID Agent for Windows | All Supported | Not Impacted | 2018-08-24 | |
| RSA SecurID Authenticate App for Android | All Supported | Investigating | 2018-08-24 | |
| RSA SecurID Authenticate App for iOS | All Supported | Investigating | 2018-08-24 | |
| RSA SecurID Authenticate App for Windows 10 | All Supported | Investigating | 2018-08-24 | |
| RSA SecurID Authentication Engine | All Supported | Not Impacted | 2018-08-24 | |
| RSA SecurID Authentication SDK | All Supported | Not Impacted | 2018-08-24 | |
| RSA SecurID Software Token Converter | All Supported | Not Impacted | 2018-08-24 | |
| RSA SecurID Software Token for Android | All Supported | Not Impacted | 2018-08-24 | |
| RSA SecurID Software Token for Blackberry | All Supported | Not Impacted | 2018-08-24 | |
| RSA SecurID Software Token for Desktop | All Supported | Not Impacted | 2018-08-24 | |
| RSA SecurID Software Token for iPhone | All Supported | Not Impacted | 2018-08-24 | |
| RSA SecurID Software Token for Windows Mobile | All Supported | Not Impacted | 2018-08-24 | |
| RSA SecurID Software Token Toolbar | All Supported | Not Impacted | 2018-08-24 | |
| RSA SecurID Software Token Web SDK | All Supported | Not Impacted | 2018-08-24 | |
| RSA SecurID Transaction Signing SDK | All Supported | Not Impacted | 2018-08-24 | |
| RSA SYN | Current Hosted Environment | Not Impacted | Product does not use Apache Struts. | 2018-11-01 |
| RSA Web Threat Detection | All Supported | Not Impacted | Product does not use Apache Struts | 2018-08-24 |
Tags (30)
- Advisory
- All Products
- All RSA Products
- All Versions
- Any Version
- Customer Support
- Customer Support Article
- CVE
- Every Version
- High Profile
- Impact
- Impacted
- KB Article
- Knowledge Article
- Knowledge Base
- Recommendation
- RSA Security Advisory
- RSA Security Alert
- Security Advisory
- Security Advisory Article
- Security Alert
- Security Notification
- Security Recommendations
- Security Warning
- Version Agnostic
- Vuln
- Vulnerabilities
- Vulnerability
- Vulnerability Warning
- Vulnerable
No ratings
