Is NAM vulnerable to the Jakarta Struts CVE-2017-5638

  • 7018703
  • 10-Mar-2017
  • 05-Apr-2017


NetIQ Access Manager 4.3
NetIQ Access Manager 4.2


NAM 4.3 setup and working well. With most components being tomcat based applications eg. IDP, ESP and Admin Console, is NAM vulnerable to the newly released Apache struts CVE-2017-5638 defined at
This particular vulnerability can be exploited if the attacker sends a crafted request to upload a file to a vulnerable server that uses a Jakarta-based plugin to process the upload request.


No. None of the NAM components use this interface (also applies to older versions of NAM).