About API-Portal Vulnerability

book

Article ID: 110133

calendar_today

Updated On:

Products

CA API Developer Portal CA API Gateway

Issue/Introduction



Does API Portal take the influence of the security vulnerability? 
If so, is the fix included in the product? 
・CVE-2018-1336 
・CVE-2018-2952 

Environment

API Portal 3.1

Resolution

・CVE-2018-1336 :
* It is not affected since 3.1 uses Tomcat 6.0 (3.5 is affected and is corrected by CR9).

・CVE-2018-2952 :
* It is not affected since the Portal does not use Applets and Java Web Start Application or expose web services.