Vulnerability CVE-2019-2426 (API Gateway)

Article ID: 126394

Products

STARTER PACK-7 CA Rapid App Security CA API Gateway

Issue/Introduction



Does the vulnerability have any impact on API Gateway 9.3 (Software version)?
CVE-2019-2426
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking).

Customer environment:
1) API Gateway 9.3 CR3 (Software version)
2) JDK 1.8u181 is installed and used on the server.

Environment

API Gateway 9.3

Resolution

As per Oracle notes, JDK 8u181 is not affected.
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

In the "Oracle Java SE Risk Matrix" in those notes, JDK 8u181 is not listed as affected by this vulnerability.
The matrix states:
- CVE# = CVE-2019-2426
- Supported Versions Affected = Java SE: 7u201, 8u192, 11.0.1; Java SE Embedded: 8u191

Also, we verified the vulnerability, and the Gateway server does not seem to be affected by it, since the server does not load or run any untrusted code.

Additional Information

CVE-2019-2426
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking).
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2426