https://community.cisco.com/t5/network-access-control/fixing-struts2-cve-2017-5638/m-p/3190295#M552570 I believe the patch is already integrated with 2.1 Patch 4 and above. So if you are using 2.1 patch 5, you do not need to install the patch separately. Wed, 27 Sep 2017 13:07:29 GMT Rahul Govindan 2017-09-27T13:07:29Z https://community.cisco.com/t5/network-access-control/fixing-struts2-cve-2017-5638/m-p/3190147#M552569 <P>Hi</P><P>&nbsp;</P><P>According to relese notes the struts fix apply to ISE 2.1 patch 3</P><P>How is it with ISE 2.1 patch 5 should we appy the struts fix also to patch 5 ?</P><P>&nbsp;</P><P>From release notes</P><P>Download the latest patch available from CCO and install before installing these bundles.<BR />please note that this patch should be installed only on top of latest patch (Not hotfixes).</P><P>2.0 Patch 4<BR />2.0.1 Patch 3<BR />2.1 Patch 3<BR />2.2 ( No patches )</P><P>&nbsp;</P><P>Kind regards</P><P>Lars-Ove</P><P>&nbsp;</P> Fri, 21 Feb 2020 18:34:59 GMT https://community.cisco.com/t5/network-access-control/fixing-struts2-cve-2017-5638/m-p/3190147#M552569 llinddahl 2020-02-21T18:34:59Z https://community.cisco.com/t5/network-access-control/fixing-struts2-cve-2017-5638/m-p/3190295#M552570 I believe the patch is already integrated with 2.1 Patch 4 and above. So if you are using 2.1 patch 5, you do not need to install the patch separately. Wed, 27 Sep 2017 13:07:29 GMT https://community.cisco.com/t5/network-access-control/fixing-struts2-cve-2017-5638/m-p/3190295#M552570 Rahul Govindan 2017-09-27T13:07:29Z https://community.cisco.com/t5/network-access-control/fixing-struts2-cve-2017-5638/m-p/3190324#M552571 <P><SPAN>Confirming what Rahul said - ISE 2.1 Patch 4 resolved the struts vulnerability so any 2.1 system with that patch (or later) does not require the Struts hotfix. (ISE patches are cumulative.)</SPAN></P> Wed, 27 Sep 2017 13:39:45 GMT https://community.cisco.com/t5/network-access-control/fixing-struts2-cve-2017-5638/m-p/3190324#M552571 Marvin Rhoads 2017-09-27T13:39:45Z