Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Saurabh Satyarthi (SaurabhS511) Saurabh Satyarthi
Incessant
IN
SaurabhS511 Member since 2015 2 posts
Posted: Mar 3, 2022
Last activity: Jun 20, 2022
Posted: 3 Mar 2022 4:33 EST
Last activity: 20 Jun 2022 2:22 EDT
Closed
Solved

What is the struts framework version in PEGA 7.2.1?

there was a new vulnerability released for Apache Struts.

Apache Struts 2 namespace Remote Code Execution Vulnerability (S2-057)

Is Pega Version 7.2.1 affected by this? 


***Edited by Moderator Marije to add Capability tags***
To see attachments, please log in.
Pega Platform 7.2.1
Security

Accepted Solution

Posted: 2 years ago
Updated: 2 years ago
Posted: 15 Jun 2022 10:54 EDT
Updated: 20 Jun 2022 2:22 EDT
Marije Schillern (MarijeSchillern)
MOD
Senior Knowledge Management Specialist
Pegasystems Inc.
GB

@SaurabhS511  please see a previous forum question about this:

Is PEGA PRPC 7.2.1(Using Websphere server) is affected with Apache Struts Vulnerability CVE-2018-11776

Struts was only used in SMA.  It was not used in the platform.  In PEGA 8, the SMA was replaced with ADMIN STUDIO and STRUTS is no longer used.

The SMA is vulnerable to this issue because of its use of Struts.  We  upgraded struts version to  2.3.35 for Universal SMA  to address vulnerability above with Struts 2.5.17. 

Please log a support ticket requesting hotfix  HFIX-46844  and  HFix-46946.

A separate prsysmgmt wars and ears will be generated as part of this hotfix. They will need to be deployed per the application server context   Hotfix installation instructions:  Redeploy SMA war

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice