Apache Struts Security Vulnerability

Description of Issue

I read there is an Apache Struts security vulnerability known as CVE-2023-50164.

Context
  • Time and Attendance

  • TA

  • Executime

  • Apache

  • Struts

  • Payroll

Cause

Time & Attendance contains the vulnerable Struts library. Tyler is actively leveraging internal resources to install recommended patches and perform upgrades as applicable. At this time, there is no known exploit available for any version of the product. The vulnerability is specific to file uploads, which are only accessible with administrator credentials.

Resolution

All Time & Attendance clients should immediately upgrade the application to their corresponding release version using Tyler Deploy:

  • Version 2018.4.X should be updated to version 2018.4.32.3

  • Version 2019.1.X or higher should be upgraded to version 2023.2.2.2 or 2023.3.1+