Vulnerability CVE-2019-2426 (API Gateway)
Article ID: 126394
Updated On:
Products
STARTER PACK-7
CA Rapid App Security
CA API Gateway
Issue/Introduction
Does the vulnerability have any impact on API Gateway 9.3 (Software version)?
CVE-2019-2426
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking).
Customer environment:
1) API Gateway 9.3 CR3 (Software version)
2) JDK 1.8u181 is installed and used on the server.
Environment
API Gateway 9.3
Resolution
As per Oracle notes, JDK 8u181 is not affected.
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
In the notes of "Oracle Java SE Risk Matrix", JDK 8u181 is not listed as affected by this vulnerability.
The matrix is stating:
- CVE# = CVE-2019-2426
- Supported Versions Affected = Java SE: 7u201, 8u192, 11.0.1; Java SE Embedded: 8u191
Also, we verified the vulnerability and Gateway server doesn't seem to be affected by it since the server does not load or run any untrusted code.
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
In the notes of "Oracle Java SE Risk Matrix", JDK 8u181 is not listed as affected by this vulnerability.
The matrix is stating:
- CVE# = CVE-2019-2426
- Supported Versions Affected = Java SE: 7u201, 8u192, 11.0.1; Java SE Embedded: 8u191
Also, we verified the vulnerability and Gateway server doesn't seem to be affected by it since the server does not load or run any untrusted code.
Additional Information
CVE-2019-2426
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking).
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2426
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking).
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2426
Feedback
Yes
No
Powered by
