Updated March 27, 2017
On Sunday, March 19th, 2017, Apache announced a critically rated vulnerability around its STRUTS 2 Framework. This vulnerability will permit unauthenticated, remote code execution on the Apache server. Vulnerable Struts versions are:
Apache later that week announced a patch for this vulnerability.
What has Ceridian done?
Ceridian performed a review of our Apache systems looking for these specific versions.
Based upon that review, Ceridian has concluded it is not vulnerable to the STRUTS 2.x vulnerability.