https://community.cloudera.com/t5/Support-Questions/Critical-vulnerability-CVE-2014-0114-found-in-CDP-7-1-7-SP1/m-p/387500#M246335 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/110403">@EY</a>&nbsp;Thanks for bringing this to our community.</P><P>The CVE-ID does not seem to be the appropriate one for the Apache struts vulnerability shared. Help us with the following to understand this better:</P><P>1. What is the Security tool used and the version of it?<BR />2. Share the flagged CVE from the security team.<BR />3. Full CDP version</P><P>Ref:&nbsp;<A href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0014" target="_blank">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0014</A></P><P>V</P> Thu, 02 May 2024 14:32:18 GMT vaishaakb 2024-05-02T14:32:18Z https://community.cloudera.com/t5/Support-Questions/Critical-vulnerability-CVE-2014-0114-found-in-CDP-7-1-7-SP1/m-p/387498#M246333 <P>Hi Team,</P><P>We got critical vulnerability CVE-2014-0014 found in CDP 7.1.7 SP1 commons-fileupload-1.3.3.jar, could you please check and confirm if Apache Struts is used in the Cloudera 7.1.7 SP1? Thanks.</P><P>Path:</P><P>./jars/commons-fileupload-1.3.3.jar<BR />./lib/atlas/extractors/lib/azure-adls/commons-fileupload-1.3.3.jar<BR />./lib/atlas/extractors/lib/aws-s3/commons-fileupload-1.3.3.jar<BR />./lib/atlas/server/webapp/atlas/WEB-INF/lib/commons-fileupload-1.3.3.jar<BR />./lib/search/lib/commons-fileupload-1.3.3.jar<BR />./lib/solr/server/solr-webapp/webapp/WEB-INF/lib/commons-fileupload-1.3.3.jar<BR />./lib/hbase-solr/lib/commons-fileupload-1.3.3.jar<BR />./lib/oozie/oozie-sharelib-yarn/lib/spark/commons-fileupload-1.3.3.jar<BR />./lib/search/lib/search-crunch/commons-fileupload-1.3.3.jar</P> Tue, 21 Apr 2026 06:31:47 GMT https://community.cloudera.com/t5/Support-Questions/Critical-vulnerability-CVE-2014-0114-found-in-CDP-7-1-7-SP1/m-p/387498#M246333 EY 2026-04-21T06:31:47Z https://community.cloudera.com/t5/Support-Questions/Critical-vulnerability-CVE-2014-0114-found-in-CDP-7-1-7-SP1/m-p/387500#M246335 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/110403">@EY</a>&nbsp;Thanks for bringing this to our community.</P><P>The CVE-ID does not seem to be the appropriate one for the Apache struts vulnerability shared. Help us with the following to understand this better:</P><P>1. What is the Security tool used and the version of it?<BR />2. Share the flagged CVE from the security team.<BR />3. Full CDP version</P><P>Ref:&nbsp;<A href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0014" target="_blank">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0014</A></P><P>V</P> Thu, 02 May 2024 14:32:18 GMT https://community.cloudera.com/t5/Support-Questions/Critical-vulnerability-CVE-2014-0114-found-in-CDP-7-1-7-SP1/m-p/387500#M246335 vaishaakb 2024-05-02T14:32:18Z https://community.cloudera.com/t5/Support-Questions/Critical-vulnerability-CVE-2014-0114-found-in-CDP-7-1-7-SP1/m-p/387505#M246336 <P>Hi&nbsp;<a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/29989">@vaishaakb</a>&nbsp;, thanks for your reply.</P><P>1. The Security tool is ITAG Struts Tanium but i am not sure of the version</P><P>2. Flagged CVE is&nbsp;<SPAN>CVE-2014-0014, and we doubt it's false positive reported since we checked for this CVE is for&nbsp;commons-beanutils.jar in Apache Struts. But security team requested us to confirm with Cloudera team on whether Apache Struts is used in the Cloudera Data Platform (CDP) 7.1.7 SP1 and&nbsp;CDP was vulnerable to CVE-2014-0114.</SPAN></P><P><SPAN>3.&nbsp;Full CDP version is : 7.1.7-1.cdh7.1.7.p1050.30900109</SPAN></P><P><SPAN>Could you please advise on this. Thanks.</SPAN></P> Thu, 02 May 2024 15:12:35 GMT https://community.cloudera.com/t5/Support-Questions/Critical-vulnerability-CVE-2014-0114-found-in-CDP-7-1-7-SP1/m-p/387505#M246336 EY 2024-05-02T15:12:35Z