Question
Nielsen
IN
Last activity: 23 Apr 2025 5:32 EDT
CVE-2024-53677 vulnerability in PRPC System Management Universal SMA 7.3.1
hey, we got a vulnerability in pega prsysmnmt
File /usr/local/tomcat/webapps/prsysmgmt/WEB-INF/lib/struts2-core-2.5.16.jar version 2.5.16 is vulnerable to CVE-2024-53677, which exists in versions >= 2.0.0, < 6.4.0
this struts lib was present in the prsysmgmt.war
As a fix, i replaced the lib with version struts2-core-2.5.16.jar and restarted pega tomcat. The designer studio is working. but the System management application is not working. Could any know how to fix this. Is there any fix without upgrading pega Current version Pega 7.2 RPC System Management Universal SMA 7.3.1
ERROR
HTTP Status 404 – Not Found
Type Status Report
Message /prsysmgmt
Description The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.
Apache Tomcat/8.5.38
Updated: 23 Apr 2025 5:32 EDT
Pegasystems Inc.
GB
@RejithR17454984 you are on a legacy, unsupported version.
Please upgrade asap in order to be on the most secure platform possible.
Who can I contact with questions about the Extended Support Policy?
If you have questions about Extended Support, contact Pega Support or your Client Success Manager. For contact information, see Pega Support Contact Information.
Please log a ticket via the MSP so that our engineers can determine whether they can send the latest SMA war and ear files containing struts2-core 6.7.0 version.
Please come back and provide a reply with the INC number and then the final outcome to this issue.