SRM 4.6.0.0: Apache Struts2 Vulnerability
Summary: CVE ID Apache Struts2 vulnerability was detected, and the impact was observed only on the Front End Servers.
Symptoms
After upgrading SRM from 4.5 to 4.6.0.0, the device-config-wizard Struts version is observed to be 2.5.22 instead of 2.5.26.
Cause
Apache Struts2 Vulnerability
Resolution
Steps to upgrade the device-config-wizard package:
- On SRM 4.6.0.0, click Administrator in the SRM Frontend UI.
- Navigate to Config >> Settings >> Manage Packages.
- Click Upload and upload the attached device-config-wizard package, device-config-wizard-<xx>-linux-x64.pkg.
- Update the DCW package using the command:
  /opt/APG/bin/manage-modules update device-config-wizard
- Restart Tomcat.
After upgrading the device-config-wizard package, verify that the package version under /opt/APG/Web-Servers/Tomcat/Default/webapps/device-config-wizard/WEB-INF/lib has been upgraded to version 2.5.26.
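The verification step above can be scripted. The following is an added example, not part of the original article or of SRM: it assumes the library file follows the usual struts2-core-<version>.jar naming, treats 2.5.26 as the minimum acceptable version, and also flags an old jar left behind next to the new one.

```shell
#!/bin/sh
# Added example: check the Struts jar deployed with device-config-wizard.
# Assumption: the library file is named struts2-core-<version>.jar.
REQUIRED="2.5.26"   # version the article expects after the update
LIB_DIR="${1:-/opt/APG/Web-Servers/Tomcat/Default/webapps/device-config-wizard/WEB-INF/lib}"

# version_ge A B: succeeds when version A >= version B (needs GNU sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# struts_versions DIR: print the version of every struts2-core jar in DIR.
struts_versions() {
    for jar in "$1"/struts2-core-*.jar; do
        [ -e "$jar" ] || continue            # glob matched nothing
        v=${jar##*/struts2-core-}
        printf '%s\n' "${v%.jar}"
    done
}

# check_struts_lib DIR [MIN]: 0 = exactly one jar and it is >= MIN,
# 1 = no jar found, 2 = jar older than MIN, 3 = several jars present.
check_struts_lib() {
    dir=$1; want=${2:-$REQUIRED}
    versions=$(struts_versions "$dir")
    if [ -z "$versions" ]; then
        echo "FAIL: no struts2-core jar in $dir" >&2; return 1
    fi
    if [ "$(printf '%s\n' "$versions" | grep -c .)" -gt 1 ]; then
        echo "FAIL: multiple struts2-core jars:" $versions >&2; return 3
    fi
    if ! version_ge "$versions" "$want"; then
        echo "FAIL: struts2-core $versions is older than $want" >&2; return 2
    fi
    echo "OK: struts2-core $versions"
}

# Run against the SRM path (or the directory given as the first argument).
if [ -d "$LIB_DIR" ]; then
    check_struts_lib "$LIB_DIR"
else
    echo "lib directory not found: $LIB_DIR" >&2
fi
```

Run it on the Front End server after restarting Tomcat; a non-zero exit status means the update did not take effect as expected.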
Article Properties
Article Number: 000189589
Article Type: Solution
Last Modified: 03 Nov 2021
Version: 3