Does the vulnerability have any impact on API Gateway 9.3 (software version)?
CVE-2019-2426: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking).
Customer environment:
1) API Gateway 9.3 CR3 (software version)
2) JDK 1.8u181 is installed and used on the server.
Environment
API Gateway 9.3
Resolution
As per Oracle notes, JDK 8u181 is not affected. https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
In the "Oracle Java SE Risk Matrix" in those notes, JDK 8u181 is not listed as affected by this vulnerability. The matrix states:
- CVE# = CVE-2019-2426
- Supported Versions Affected = Java SE: 7u201, 8u192, 11.0.1; Java SE Embedded: 8u191
We also verified the vulnerability, and the Gateway server doesn't seem to be affected by it, since the server does not load or run any untrusted code.
Additional Information
CVE-2019-2426 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2426