Fixing Struts2 CVE-2017-5638

llinddahl · ‎09-27-2017

Hi

According to relese notes the struts fix apply to ISE 2.1 patch 3

How is it with ISE 2.1 patch 5 should we appy the struts fix also to patch 5 ?

From release notes

Download the latest patch available from CCO and install before installing these bundles.
please note that this patch should be installed only on top of latest patch (Not hotfixes).

2.0 Patch 4
2.0.1 Patch 3
2.1 Patch 3
2.2 ( No patches )

Kind regards

Lars-Ove

Rahul Govindan · ‎09-27-2017

I believe the patch is already integrated with 2.1 Patch 4 and above. So if you are using 2.1 patch 5, you do not need to install the patch separately.

Marvin Rhoads · ‎09-27-2017

Confirming what Rahul said - ISE 2.1 Patch 4 resolved the struts vulnerability so any 2.1 system with that patch (or later) does not require the Struts hotfix. (ISE patches are cumulative.)