Question on vulnerabilities (API Gateway Software)
Article ID: 128853
Updated On:
Products
STARTER PACK-7
CA Rapid App Security
CA API Gateway
Issue/Introduction
Does the vulnerability listed below have any impact on API Gateway 9.3 CR3 (Software) ?
(1) CVE-2018-12020
(2) CVE-2018-5146
(3) CVE-2017-8779
(4) CVE-2017-5461
(5) CVE-2016-9808
(6) CVE-2016-9447
(7) CVE-2016-7545
(8) CVE-2016-4448
Environment
API Gateway 9.3 CR3 (Software)
OS: RHEL 6
OS: RHEL 6
Resolution
(1) CVE-2018-12020
Software gateway doesn't have any dependency on this library installed on the RHEL server. So no impact on Gateway Software.
Software gateway will not provide fix for this. Customer will have to verify if they have updated their RHEL 6 server with this patch.
https://access.redhat.com/errata/RHSA-2018:2180
(2) CVE-2018-5146
Gateway doesn't use this library and is not affected by it.
(3) CVE-2017-8779
Gateway doesn't use this library and is not affected by it.
(4) CVE-2017-5461
Software gateway doesn't have any dependency on this library installed on the RHEL server. So no impact on Gateway Software.
Software Gateway will not have fix for this. Customer will have to verify nss, nss-tools and nss-util package version on their RHEL 6 Server.
(5) CVE-2016-9808
Gateway doesn't use this library and is not affected by it.
(6) CVE-2016-9447
Gateway doesn't use this library and is not affected by it.
(7) CVE-2016-7545
Software gateway doesn't have any direct dependency on this library installed on the RHEL server. So no impact on Gateway Software.
Software gateway will not be having the fix for this. Customer will have to verify they have applied this RHEL 6 patch.
https://access.redhat.com/errata/RHSA-2016:2702
(8) CVE-2016-4448
The software gateway doesn't directly use this library and it's not part of the Gateway product.
Customer will have to verify if they have updated their RHEL 6 server with this patch.
https://access.redhat.com/errata/RHSA-2016:1292.
They should have libxml2-2.7.6-21.el6_8.1.i686.rpm installed according to this patch.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020
Software gateway doesn't have any dependency on this library installed on the RHEL server. So no impact on Gateway Software.
Software gateway will not provide fix for this. Customer will have to verify if they have updated their RHEL 6 server with this patch.
https://access.redhat.com/errata/RHSA-2018:2180
(2) CVE-2018-5146
Gateway doesn't use this library and is not affected by it.
(3) CVE-2017-8779
Gateway doesn't use this library and is not affected by it.
(4) CVE-2017-5461
Software gateway doesn't have any dependency on this library installed on the RHEL server. So no impact on Gateway Software.
Software Gateway will not have fix for this. Customer will have to verify nss, nss-tools and nss-util package version on their RHEL 6 Server.
(5) CVE-2016-9808
Gateway doesn't use this library and is not affected by it.
(6) CVE-2016-9447
Gateway doesn't use this library and is not affected by it.
(7) CVE-2016-7545
Software gateway doesn't have any direct dependency on this library installed on the RHEL server. So no impact on Gateway Software.
Software gateway will not be having the fix for this. Customer will have to verify they have applied this RHEL 6 patch.
https://access.redhat.com/errata/RHSA-2016:2702
(8) CVE-2016-4448
The software gateway doesn't directly use this library and it's not part of the Gateway product.
Customer will have to verify if they have updated their RHEL 6 server with this patch.
https://access.redhat.com/errata/RHSA-2016:1292.
They should have libxml2-2.7.6-21.el6_8.1.i686.rpm installed according to this patch.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020
Additional Information
(1) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020
(2) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146
(3) https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2017-8779
(4) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461
(5) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9808
(6) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9447
(7) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7545
(8) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448
(2) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146
(3) https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2017-8779
(4) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461
(5) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9808
(6) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9447
(7) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7545
(8) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448
Feedback
Yes
No
Powered by
