CVE: CVE-2018-11776 Description: A vulnerability in Apache Struts 2, affecting Struts 2 when the alwaysSelectFullNamespace option is enabled in a Struts 2 configuration file, and an ACTION tag is specified without a namespace attribute or wildcard, leading to a CVSS v3 Base Score of 9.8. Third Party Component Risk Matrix - Component: Apache Struts 2 - Package/Privilege Required: Core - Protocol: HTTP - Remote Exploit without Auth?: Yes - CVSS Version 3.0 Risk - Base Score: 9.8 - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Confidentiality: High - Integrity: High - Availability: High - Supported Versions Affected: 2.3.34 and before, 2.5.16 and before