Skip to main content
Kofax

PDWEB - Apache vulnerability - Possible Remote Code Execution S2-062 (CVE-2021-31805)

  1. Last updated
  2. Save as PDF
Article # 3047283 - Page views: 105

Issue

A possible Remote Code Execution (RCE) vulnerability S2-062 (CVE-2021-31805) has been found on Apache Tomcat server and certain versions of PD Web Application.

Impact

Affected version

  • 2.0.0 <= Apache Struts <= 2.5.29

This vulnerability is fixed in Apache Struts 2.5.30 version.

Solution

Vulnerability CVE-2021-31805 is known for WhiteSource and latest scans mark our code as potentially affected.

The issue is solved in the patch level releases for PD Web Application 7.7 PL14, 7.8 PL8, 7.9 PL3, and 7.10 PL1.

 

Level of Complexity 

Moderate

 

Applies to  

Product Version Build Environment Hardware
PD WEB APPLICATION 7.8 PL8    

References

How to find the web application version and patch level:

https://knowledge.kofax.com/ReadSoft/Process_Director_Accounts_Payable/How_To/Process_Director_Web_Application_Version

 

 

Article # 3047283