To address this vulnerability, Apache recommends that users urgently upgrade to Struts 2.5.33, Struts 6.3.0.2, or greater.
Version notes with more details about the bug fixes and improvements are available at:
Advisory
Patches exist for all vulnerabilities.
Except for CVE-2023-22524 - for which the patch should be installed automatically during runtime - administrators of affected systems are advised to patch to the latest versions.
The Centre for Cyber Security Belgium strongly recommends updating as soon as possible to one of these releases, where applicable:
Update NETGEAR ProSAFE Network Management System to the latest version.
For the latest patches, see the following vendor advisories:
The Centre for Cyber Security Belgium strongly recommends that system administrators update Foxit PDF to the latest version.
The Centre for Cyber Security Belgium (CCB) strongly recommends installing alternative software or finding mitigation alternatives.
The Centre for Cyber Security Belgium (CCB) strongly recommends upgrading to the latest version of CrushFTP as indicated by the CrushFTP development team.
The Centre for Cyber Security Belgium strongly recommends that system administrators visit the Axigen updates page appropriate for their version to download and install the patched version of this software.
Axigen's updates pages:
Upgrade
The CCB recommends upgrading all components to a version that is not vulnerable. These include: