Hewlett Packard Enterprise Product Security Vulnerability Alerts
Apache Struts 2 - Remote Code Execution Vulnerability (CVE-2018-11776)
Version 2.0 : Last Updated: September 14, 2018
This website is updated frequently, as new product information becomes available.
On August 22, Apache announced that Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 are affected by a vulnerability that can lead to Remote Code Execution in the context of the application. Struts 2 is used in several HPE products.
To learn more about CVE-2018-11776, refer to the Resources section below.
Usage Instructions and Definitions for CVE Vulnerability Information

| Data | Definition |
|---|---|
| Product Category | High-level product description. |
| Product Sub-Category | Medium-level product description. |
| Product Name | Detailed product description. |
| (Impacted) | Indicates whether the specific product is affected by the cited vulnerability. |
| If Impacted - Mitigation or Under Investigation | Information regarding how to address a vulnerability. |
| Link(s) to security bulletin (Vendor) | Link to Vendor's Security Bulletin. |

Use the following table to find vulnerability information by entering the name of the product (e.g. ML350) in the search box.

| Product Category | Product Sub-Category | Product Name | Impacted | Mitigation and Notes | Customer Bulletin | Security bulletin (HPE or Vendor) |
|---|---|---|---|---|---|---|
| Hybrid IT | Platform Software | HP Intelligent Modular Power Distribution Unit/Kit | No | Not vulnerable | | |
| Hybrid IT | Platform Software | HP IP Console Switch, HP Server Console Switch | No | Not vulnerable | | |
| Hybrid IT | HP-UX | Serviceguard Portfolio | No | Not vulnerable | | |
| Hybrid IT | Linux | Serviceguard Portfolio | No | Not vulnerable | | |
| Hybrid IT | Non-HP OS | SUSE Linux Enterprise Server | No | Not vulnerable | | |
| Hybrid IT | Non-HP OS | CentOS | No | Not vulnerable | | |
| Hybrid IT | Non-HP OS | Citrix XenServer | No | Not vulnerable | | https://www.systemtek.co.uk/2018/08/citrix-xenserver-multiple-security-updates/ |
| Hybrid IT | Non-HP OS | Debian | No | Not vulnerable | | |
| Hybrid IT | Platform Software | System Management Homepage for Solaris 10 (x86[/x64]) Systems | No | Not vulnerable | | |
| Hybrid IT | Non-HP OS | Oracle Linux | Under investigation | Under investigation | | |
| Hybrid IT | Non-HP OS | Red Hat Enterprise Linux | No | Not vulnerable | | |
| Hybrid IT | Non-HP OS | Solaris | Under investigation | Under investigation | | |
| Hybrid IT | Non-HP OS | Ubuntu | No | Not vulnerable | | https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11776.html |
| Hybrid IT | HP OS | HP SSL for OpenVMS | No | Not vulnerable | | |
| Hybrid IT | Platform Software | HP Agentless Mgmt Service for Windows | No | Not vulnerable | | |
| Hybrid IT | Apollo | Apollo System Manager | No | Not vulnerable | | |
| Hybrid IT | Platform Software | HP Modular Cooling System, HP MCS x00 Cooling Unit | No | Not vulnerable | | |
| Hybrid IT | Platform Software | HPAPM, HP Apollo Platform Manager | No | Not vulnerable | | |
| Hybrid IT | Platform Software | SLAPM, HP ProLiant SL Advanced Power Manager | No | Not vulnerable | | |
| Hybrid IT | Platform Software | SL Chassis Firmware | No | Not vulnerable | | |
| Hybrid IT | Platform Software | SIM | No | Not vulnerable | | |
| Hybrid IT | Storage | StoreAll | No | Not vulnerable | | |
| Hybrid IT | Storage | StoreOnce | No | Not vulnerable | | |
| Hybrid IT | Storage | RMC | No | Not vulnerable | | |
| Hybrid IT | Storage | MSA | No | Not vulnerable | | |
| Hybrid IT | Storage | StoreEver MSL6480 | No | Not vulnerable | | |
| Hybrid IT | Storage | StoreEver MSL3040 | No | Not vulnerable | | |
| Hybrid IT | Storage | StoreEver ESL G3 | No | Not vulnerable | | |
| Hybrid IT | Storage | Command View for Tape Libraries (CVTL) | No | Not vulnerable | | |
| Hybrid IT | Storage | Library and Tape Tools (L&TT) | No | Not vulnerable | | |
| Hybrid IT | Storage | StoreEver MSL G3 | No | Not vulnerable | | |
| Hybrid IT | Storage | StoreEver MSL G2 1/8 Autoloader | No | Not vulnerable | | |
| Hybrid IT | Storage | XP7 | No | Not vulnerable | | |
| Hybrid IT | Storage | XP CVAE | No | Not vulnerable | | |
| Hybrid IT | Storage | StoreEasy (all products) | No | Not vulnerable | | |
| Hybrid IT | Storage | 3PAR File Controller (all versions) | No | Not vulnerable | | |
| Hybrid IT | Storage | StoreEasy (all products) | No | Not vulnerable | | |
| Hybrid IT | Storage | 3PAR File Controller (all versions) | No | Not vulnerable | | |
| Hybrid IT | Storage | SV4000 (CMC) | Under investigation | Under investigation | | |
| Hybrid IT | Storage | SV3200 | No | Not vulnerable | | |
| Hybrid IT | Storage | SSMC | No | Not vulnerable | | |
| Hybrid IT | Storage | SP | No | Not vulnerable | | |
| Networking | HPE Network | Small Medium Business Solutions | Under Investigation | Under Investigation | | |
| Networking | Aruba Network | Aruba ClearPass | No | Not vulnerable | | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt |
| SDCG | Converged Systems | HP Converged System 700 2.0 VMware | Under investigation | Refer to the VMware article 57760 | | |
| SDCG | Converged Systems | HP ConvergedSystem 700X for Microsoft (727177-B21) | Under investigation | Refer to the VMware article 57760 | | |
| SDCG | Converged Systems | HP ConvergedSystem 700X for VMware (721223-B21) | Under investigation | Refer to the VMware article 57760 | | |
| SDCG | Converged Systems | HP ConvergedSystem 700X v1.1 Microsoft Kit (J0H73A) | Under investigation | Refer to the VMware article 57760 | | |
| SDCG | Converged Systems | HP ConvergedSystem 700X v1.1 VMware Kit (J0H72A) | Under investigation | Refer to the VMware article 57760 | | |
| SDCG | Converged Systems | HPE Converged Architecture 700 | Under investigation | Refer to the VMware article 57760 | | |
| SDCG | Converged Systems | HPE Converged System 700 2.0 Hyper-V | No | Not vulnerable | | |
| SDCG | Converged Systems | HPE Hyper Converged 250 for Microsoft CPS | No | Not vulnerable | | |
| SDCG | Converged Systems | HP OneView | No | Not vulnerable | | |
| SDCG | Platform Software | Matrix Recovery Management (MRM) | Yes (Indirect) | Under investigation | | |
| SDCG | Platform Software | HPE OneView for vRealize | No | Not vulnerable | | |
| SDCG | Converged Systems | HP ConvergedSystem 300 for Virtualization 1.0 | Under investigation | Refer to the VMware article 57760 | | |
| SDCG | Converged Systems | HP ConvergedSystem 300 for Virtualization 1.1 | Under investigation | Refer to the VMware article 57760 | | |
| SDCG | Converged Systems | HP ConvergedSystem 300 for Virtualization | Under investigation | Refer to the VMware article 57760 | | |
| SDCG | Converged Systems | HP ConvergedSystem 700 for Virtualization | Under investigation | Refer to the VMware article 57760 | | |
| SDCG | Converged Systems | HP ConvergedSystem 700 for Virtualization 1.0 | Under investigation | Refer to the VMware article 57760 | | |
| SDCG | Converged Systems | HP ConvergedSystem 700 for Virtualization 1.1 | Under investigation | Refer to the VMware article 57760 | | |
| SDCG | Networking | H3C Comware 5 | No | Not vulnerable | | |
| SDCG | Networking | H3C Comware 7 | No | Not vulnerable | | |
| SDCG | Networking | IMC | No | Not vulnerable | | |