A critical security vulnerability with the Jakarta Multipart parser in certain versions of Apache Struts was documented on March 10, 2017. Please check here for more details about the security vulnerability. All supported versions of the Foglight Management Server use an impacted version of Apache Struts.
How does this affect me?
The Apache Struts vulnerability is exposed in Foglight. This may allow remote code execution when performing file upload based on Jakarta plugin.
If you are using any version of Foglight, please see Knowledge Base article 227161 for instructions on how to update Apache Struts.
If you are using a Foglight appliance, please see Knowledge Base Article 227265 for instructions on how to hotfix your appliance
The next releases of the Foglight Management Server and the end-user appliances will include updated versions of Apache Struts. Notifications will be sent out regarding new releases when available.