Environment
NetIQ Access Manager 4.3
NetIQ Access Manager 4.2
Situation
NAM 4.3 setup and working well. With most components being tomcat based applications eg. IDP, ESP and Admin Console, is NAM vulnerable to the newly released Apache struts CVE-2017-5638 defined at http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/?
This particular vulnerability can be exploited if the attacker sends a crafted request to upload a file to a vulnerable server that uses a Jakarta-based plugin to process the upload request.
Resolution
No. None of the NAM components use this interface (also applies to older versions of NAM).