The Struts vulnerability [CVE-2018-11776] allows attackers to execute remote commands in Java servers that are running unpatched versions of 2008 Apache Struts by using the REST plugin. The attacker is able to take over the machine, launch additional attacks, or exfiltrate sensitive data stored on the server.
While the Struts vulnerability is not externally observable, companies operating Java servers may be at risk. We encourage being proactive and taking the first step towards mitigating risk of data loss.
To see if a company in your portfolio is vulnerable, go to your portfolio and use the Open Ports filter in your search. Identify companies operating HTTP/Java, HTTPS/Java, or Java RMI servers, and then follow up with them to understand if Apache Struts is installed and if your information is at risk.
Prevent Struts vulnerabilities by updating to the latest version of the Struts framework. For more information, visit the Apache website.