Description: Does erwin, erwin MartServer or Web Portal have the CVE-2017-5638 vulnerability?
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 184.108.40.206 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017.
Erwin data modeler, erwin MartServer, and Web Portal have no vulnerabilities. However, it is possible the third party components they use like Apache tomcat does. The ones we are aware of are: