hey, we got a vulnerability in pega prsysmnmt

File /usr/local/tomcat/webapps/prsysmgmt/WEB-INF/lib/struts2-core-2.5.16.jar version 2.5.16 is vulnerable to CVE-2024-53677, which exists in versions >= 2.0.0, < 6.4.0

this struts lib was present in the prsysmgmt.war

As a fix, i replaced the lib with version struts2-core-2.5.16.jar and restarted pega tomcat. The designer studio is working. but the System management application is not working.

Could any know how to fix this. Is there any fix without upgrading pega

Current version
Pega 7.2
RPC System Management Universal SMA 7.3.1

ERROR

HTTP Status 404 – Not Found

Type Status Report

Message /prsysmgmt

Description The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.

Apache Tomcat/8.5.38

@RejithR17454984 you are on a legacy, unsupported version.

Pega Extended Support program

Keeping current with Pega

Please upgrade asap in order to be on the most secure platform possible.

Who can I contact with questions about the Extended Support Policy?

If you have questions about Extended Support, contact Pega Support or your Client Success Manager. For contact information, see Pega Support Contact Information.

Please log a ticket via the MSP so that our engineers can determine whether they can send the latest SMA war and ear files containing struts2-core 6.7.0 version.

Please come back and provide a reply with the INC number and then the final outcome to this issue.