ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

API-GW Vulnerability (CVE-2018-2562)

book

Article ID: 111959

calendar_today

Updated On:

Products

STARTER PACK-7 CA Rapid App Security CA API Gateway

Issue/Introduction



Does API Gateway take the influence of the security vulnerability?
If so, is the fix included in the product?

・CVE-2018-2562

Environment

API Gateway 8.x
API Gateway 9.x
 

Resolution

Latest MPP already has the updated versions for mysql components as per below, which contains the fix for this CVE so if the customer has applied the latest MPP, this vulnerability should not affect them.
This CVE was resolved by Jan 2018 MPP.



=======
CVE-2018-2562 affects versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior.
July 2018 MPP contains:

MySQL-client-advanced-5.5.60-1.el6.x86_64.rpm
mysql-commercial-client-5.7.22-1.1.el6.x86_64.rpm
mysql-commercial-common-5.7.22-1.1.el6.x86_64.rpm
mysql-commercial-libs-5.7.22-1.1.el6.x86_64.rpm
mysql-commercial-libs-compat-5.7.22-1.1.el6.x86_64.rpm
mysql-commercial-server-5.7.22-1.1.el6.x86_64.rpm
MySQL-server-advanced-5.5.60-1.el6.x86_64.rpm
MySQL-shared-advanced-5.5.60-1.el6.x86_64.rpm
MySQL-shared-compat-advanced-5.5.60-1.el6.x86_64.rpm