Having a remote execution exploit shouldn't mean keys to the kingdom. I find it hard to believe that this company whose whole business is electronic didn't adapt it's technology stack to remedy this type of attack limiting the scope of a data leak. I wouldn't be surprised if struts has another exploit of similar magnitude, what then?
They might as well be running their business on a cluster of tomcat servers sitting atop sqlite.
Hopefully they don't recover from this - they should not have the data they posses if they cannot mitigate risk.
They might as well be running their business on a cluster of tomcat servers sitting atop sqlite.
Hopefully they don't recover from this - they should not have the data they posses if they cannot mitigate risk.