Severe security vulnerability (CVE-2017-9805)

Hi All, I have a customer running 7.4.1 and they received the following security vulnerability message

I've checked the Software Vulnerability Scan page and the Security Fixes page, but CVE-2017-9805 is not listed.

Struts versions 2.5- 2.5.12 are affected when used in conjunction with the REST plugin.

1.      Have you reviewed your environment for exposure to this vulnerability? (yes/no)
2.      Have you taken action to fully address the vulnerability? (yes/no)
3.      If the vulnerability hasn't been addressed via patching, have you mitigated via other means? (yes/no)
4.      Please provide details, including timing, for when the vulnerability will be fully patched or otherwise mitigated.

For more information on the issue:
https://struts.apache.org/docs/s2-052.html
https://lgtm.com/blog/apache_struts_CVE-2017-9805_announcement

Can you please advise the course of action needed? Thanks

(CID:124524587)