Reference Name: Apache Struts 2 Remote Code Execution Vulnerability
Status: No action by customers is required
8-24-2018 – Assessment completed
Customer deployments of SAS® are not vulnerable to CVE-2018-11776.
It is possible to perform a remote code execution attack for certain configurations of Apache Struts 2 and its namespace feature.
August 24, 2018
The custom version of Apache Struts that is managed and delivered by SAS is not vulnerable to this exploitation because it does not use this particular namespace feature. Contact SAS Technical Support for additional details.