VersionOne Community

Was VersionOne affected by the CVE-2018-11776 Apache Struts Arbitrary Code Execution?

Background
It is possible to perform an RCE attack when the namespace value isn't set for a result defined in the underlying configuration and, at the same time, its upper action configuration(s) have no namespace or a wildcard namespace. The same is possible when using a url tag that has no value and action set and, at the same time, its upper action configuration(s) have no namespace or a wildcard namespace.
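For teams that do run Struts, the result-side condition described above can be checked directly in `struts.xml`. The Python audit below is an added example, not part of the original article or any VersionOne code. It assumes the namespace is declared on the enclosing `<package>` element, that the namespace-aware result types are `redirectAction`, `chain` and `postback` (taken from public write-ups of this CVE, not from this page), and it runs against a constructed sample configuration.

```python
import xml.etree.ElementTree as ET

# Result types that resolve an action namespace. This list is an assumption
# taken from public write-ups of CVE-2018-11776, not from this page.
NAMESPACE_RESULT_TYPES = {"redirectAction", "chain", "postback"}

# Constructed sample configuration, for illustration only.
SAMPLE_STRUTS_XML = """
<struts>
  <package name="open" extends="struts-default">
    <action name="help" class="example.HelpAction">
      <result type="redirectAction">
        <param name="actionName">index</param>
      </result>
    </action>
  </package>
  <package name="pinned" extends="struts-default" namespace="/app">
    <action name="save" class="example.SaveAction">
      <result type="redirectAction">
        <param name="actionName">list</param>
        <param name="namespace">/app</param>
      </result>
    </action>
  </package>
</struts>
"""

def find_risky_results(xml_text):
    """Return (package, action, result type) for each namespace-aware result
    that sets no namespace inside a package with no or a wildcard namespace."""
    findings = []
    for package in ET.fromstring(xml_text).iter("package"):
        namespace = package.get("namespace")
        if namespace and "*" not in namespace:
            continue  # the package pins a fixed namespace
        for action in package.iter("action"):
            for result in action.iter("result"):
                if result.get("type") not in NAMESPACE_RESULT_TYPES:
                    continue  # e.g. the default dispatcher result
                params = {p.get("name") for p in result.iter("param")}
                if "namespace" not in params:
                    findings.append((package.get("name"),
                                     action.get("name"), result.get("type")))
    return findings

if __name__ == "__main__":
    for finding in find_risky_results(SAMPLE_STRUTS_XML):
        print("review:", finding)
```

A finding marks a result to review or to pin with an explicit namespace; it does not cover the url tag case, which lives in the view templates rather than in `struts.xml`.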

Answer

The VersionOne application itself does not use the Apache Struts package; therefore, neither the application nor any systems are impacted.