Apache Struts 2.5.30 Critical Vulnerability Remediation (Doc ID 2993826.1)

Last updated on December 18, 2023

Applies to:

Oracle Documaker - Version 12.7 and later
Information in this document applies to any platform.

Goal

Customer has Documaker 12.7 Front-end Servers with WebSphere WAS 9 for MQ process Control redirection. We also use Liberty for our Linux Batch Server.
We just received information that Apache Struts 2.5.30 has a security vulnerability.

Vulnerability Details : CVE-2023-50164
An attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

Please advise us if we need to take any action from our side.
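
An added example, not from the Oracle document or the customer: a Python inventory check that finds struts2-core JARs under a deployment directory, including ones packed inside WAR/EAR archives, and compares each against the fixed releases quoted above. It assumes the JAR keeps its standard `struts2-core-<version>.jar` file name and treats 2.5.33 and 6.3.0.2 as the minimum for the 2.x and 6.x lines respectively.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Fixed releases named in the vulnerability details above.
FIXED_2X = (2, 5, 33)
FIXED_6X = (6, 3, 0, 2)
JAR_RE = re.compile(r"(?:^|/)struts2-core-(\d+(?:\.\d+)*)\.jar$")
ARCHIVES = (".war", ".ear", ".jar", ".zip")

def is_fixed(version):
    """True if version is at or above the fixed release of its own line."""
    parts = tuple(int(p) for p in version.split("."))
    floor = FIXED_6X if parts[0] >= 6 else FIXED_2X  # assumption: per-line floor
    width = max(len(parts), len(floor))
    parts += (0,) * (width - len(parts))   # pad so 6.4.0 compares as 6.4.0.0
    floor += (0,) * (width - len(floor))
    return parts >= floor

def scan_archive(data, label, found):
    """Record struts2-core jars in a zip-format archive, recursing into nested ones."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable archive; skip it
    with zf:
        for name in zf.namelist():
            m = JAR_RE.search(name)
            if m:
                found.append((f"{label}!{name}", m.group(1), is_fixed(m.group(1))))
            elif name.lower().endswith(ARCHIVES):
                scan_archive(zf.read(name), f"{label}!{name}", found)

def scan_tree(root):
    """Return (location, version, fixed) for every struts2-core jar under root."""
    found = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        m = JAR_RE.search(path.as_posix())
        if m:
            found.append((str(path), m.group(1), is_fixed(m.group(1))))
        elif path.suffix.lower() in ARCHIVES:
            scan_archive(path.read_bytes(), str(path), found)
    return found

if __name__ == "__main__":
    for loc, ver, ok in scan_tree(sys.argv[1]):
        print("OK     " if ok else "UPGRADE", ver, loc)
```

A JAR that has been renamed or repackaged without its version in the file name will not be reported, so an empty result is not proof that Struts is absent.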
 

Solution
