A critical Apache Struts security vulnerability (S20-057/CVE-2018-11776) was documented on August 22, 2018. Please check here for more details about the security vulnerability.
How does this affect me?
Foglight is not vulnerable to the CVE-2018-11776 as it does not meet the two conditions that exposes this Struts vulnerability. If you wish to ensure that your security compliance detection scanning solution does not flag Foglight and to address any concerns of CVE issues, a patch and instructions can be found below.
Resolution
If you are using 5.9.x and 5.7.5.x versions of Foglight, please see Knowledge Base article 260755 for instructions on how to apply Foglight Hotfix and update Apache Struts versions.
Status
The next releases of the Foglight Management Server will include updated versions of Apache Struts. Notifications will be sent out regarding new releases when available.
© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center