search cancel

API Gateway: CVE-2013-0809 & CVE-2013-1493 reported in a vulnerability scan


Article ID: 144721


Updated On:


CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) STARTER PACK-7


A vulnerability scan may detect very old CVEs in the API Gateway, specifically CVE-2013-0809 and CVE-2013-1493. The directory called out may be /opt/CA/sdk/install_config_jre/.


This article applies to all API Gateways where those two CVEs (or at least one) pointing to that directory were reported by a vulnerability scanning tool.


An old SDK resides on the OVA images published for the API Gateway.


This very old SDK was used in much earlier versions of the API Gateway for setting up integration with CA Single Sign-On (SSO). As this particular SDK is no longer used by the API Gateway, it can safely be removed which will resolve the reported CVEs. To be safe, do a backup of the directory or the VM (through a VM snapshot), remove that specific directory (/opt/CA/sdk/install_config_jre/), then reboot and scan again for vulnerabilities. Those two particular CVEs should no longer be listed.

Additional Information

The directory in question may be removed in future OVA images for the API Gateway.