Regarding this exploit highly recommend to apply and also change all clearpass password afterwards, a similar exploit was released a couple of years ago, allowing unauthentied users to get the etc/password file.
CVE: CVE-2017-5638
Title
=====
Apache Struts Remote Code Execution Vulnerability
Overview
========
An unauthenticated remote code execution vulnerability in the Apache
Struts 2 package has been publicly reported. This advisory details
Aruba's exposure to this vulnerability.
**Aruba Wireless ACMP / ClearPass ACCP / CCNP Professional **
If a reply addresses your issue, please click on the "Accept as Solution" and "Give Kudos"