API Management products (or platforms) currently known to be affected:
The operating system / platform update patches will be included in the next round of monthly security platform updates issued by CA Technologies for the following products:
Patches can be found on the Solutions & Patches page, when available. This line will also be updated once they are released.
In addition to any patches issued by CA Technologies in the future, customers are advised to apply vendor-provided patches to hardware that is being used to run the virtual appliance, container, or software form factors as they become available.
For the CA API Developer Portal Enhanced Experience ("Portal"; version 4.0 & higher), customers need to ensure they keep their systems up-to-date by following the documented procedure for updating the platform. As soon as Red Hat or other operating system vendors release their patches for their respective operating systems, following that documentation will allow those patches to be applied.
Customers running Live API Creator will need to update the host. The vendor of the host operating system should be issuing such a patch. The application itself does not require patching.
As more information becomes available from third-party vendors, CA will issue additional notifications to advise customers of potential resolutions and next steps if required. CA encourages all customers to enroll in CA proactive notifications in order to receive updates on these kinds of critical vulnerabilities in the future.