View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-4438 severity critical: SUSE including 3 source package names (struts, struts-javadoc, struts-manual), 5 product×package rows across 3 product lines (SUSE Linux Enterprise Software Development Kit 11 SP4, SUSE Manager Server 2.1, SUSE Manager Server 3.0): Known Not Affected 5.
The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.