3 Replies Latest reply on Mar 15, 2017 9:51 AM by Ryan Rutan

    Apache Struts vulnerability CVE-2017-5638 affecting Jive?

    markus@tembosocial.com

      Hi there,

      I haven't been able to find any information on this, so I'm asking it here: since Jive uses Struts, does this affect Jive and, if yes, which versions?

      We found Struts in

      /usr/local/jive/applications/template/application/WEB-INF/lib/struts2-core-2.3.20.jar

      We are worried, since that is a severe issue and we can't find any statement on that - which (I hope) means it is of no relevance, but an official statement would calm the moods.

      http://www.securityweek.com/vmware-preparing-patches-catastrophic-struts-flaw

      "... The remote code execution vulnerability, tracked as CVE-2017-5638, has been described by VMware as “catastrophic.”"

       

      http://www.securityweek.com/apache-struts-vulnerability-exploited-wild

      So, does anybody have any idea whether this affects us Jive users or not?

      Pinging Ryan Rutan

      cc: butch, Steven Green, Brennan Kirby, Elysha Ames