We've had a couple of inquiries about whether CA PAM would be affected by this recently reported vulnerability in Apache Struts2. CA PAM does not use Struts2 and is not affected.
Thank you for alerting the community Ralf!
CA PAM not vulnerable to Apache Struts2 vulnerability CVE-2017-5638