Recently, the Apache Software Foundation disclosed a critical vulnerability in Apache Struts 2, a software framework for developing Java EE websites. Widespread exploitation began on March 8, 2017. The vulnerability (CVE-2017-5638) is a Remote Code Execution (RCE) vulnerability that affects the Jakarta Multipart parser in Apache Struts 2. It has a Common Vulnerability Scoring System (CVSS) score of 10 out of 10 due to its potential impact; a 10/10 score is exceptionally severe and rare.
You can learn more about this attack at https://struts.apache.org/docs/security-bulletins.html. This note describes Electra’s response to this problem.
For Electra clients, the investigation and remediation covered two areas: externally facing systems and internal systems.
For externally facing systems, Electra can confirm that none of its systems has this particular vulnerability.
For internal systems, one system did have this vulnerability and has been shut down.
We take the responsibility of keeping your information protected very seriously at Electra Information Systems.
We would like to assure you that, with regard to the Apache Struts 2 exploit:
1. Your account is secure.
2. Your account details were not exposed in the past and will remain secure.
3. You do not need to take any additional action to safeguard your information.
4. There is no need to change your password.