Does the vulnerability have any impact on API Gateway 9.3 (Software version)? CVE-2019-2426 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking).
Customer environment: 1) API Gateway 9.3 CR3 (Software version) 2) JDK 1.8u181 is installed and used on the server.
API Gateway 9.3
As per Oracle notes, JDK 8u181 is not affected. https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
In the notes of "Oracle Java SE Risk Matrix", JDK 8u181 is not listed as affected by this vulnerability. The matrix is stating: - CVE# = CVE-2019-2426 - Supported Versions Affected = Java SE: 7u201, 8u192, 11.0.1; Java SE Embedded: 8u191
Also, we verified the vulnerability and Gateway server doesn't seem to be affected by it since the server does not load or run any untrusted code.
CVE-2019-2426 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2426