Question on vulnerabilities (API Portal Software)

book

Article ID: 128854

calendar_today

Updated On:

Products

CA API Developer Portal CA API Gateway

Issue/Introduction



Does the vulnerability listed below have any impact on API Portal 3.5 CR9 (Software) ?

(1) CVE-2018-12020
(2) CVE-2018-5146
(3) CVE-2017-8779
(4) CVE-2017-5461
(5) CVE-2016-9808
(6) CVE-2016-9447
(7) CVE-2016-7545
(8) CVE-2016-4448

Environment

API Portal 3.5 CR9 (Software)
OS: RHEL 6

Resolution

(1) CVE-2018-12020
API Portal does not use GNUPG for any of its functionality and is not vulnerable.

(2) CVE-2018-5146
API Portal does not use any of its functionality and is not vulnerable.

(3) CVE-2017-8779
The API Portal is not affected by this CVE since port 111 is not used.

(4) CVE-2017-5461
The API Portal does not use Mozilla NSS for any of its functionality and is not vulnerable.

(5) CVE-2016-9808
The API Portal does not use gstreamer for any of its functionality and is not vulnerable.

(6) CVE-2016-9447
The API Portal does not use gstreamer for any of its functionality and is not vulnerable.

(7) CVE-2016-7545
The API Portal does use the SELinux sandbox for any of its functionality and is not vulnerable.

(8) CVE-2016-4448
The API Portal does not use libxml2 for any of its functionality and is not vulnerable.

Additional Information

(1) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020
(2) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146
(3) https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2017-8779
(4) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461
(5) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9808
(6) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9447
(7) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7545
(8) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448