About Java vulnerability (API Gateway).

Article ID: 145582

Products

CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway

Issue/Introduction

For the Gateway software version (using JDK 8), please confirm whether it is affected by the following vulnerabilities:
CVE-2020-2583
CVE-2020-2585
CVE-2020-2590
CVE-2020-2593
CVE-2020-2601
CVE-2020-2604
CVE-2020-2654
CVE-2020-2659

CVE-2020-2756
CVE-2020-2757

CVE-2020-14556
CVE-2020-14578
CVE-2020-14579
CVE-2020-14583
CVE-2020-14593
CVE-2020-14621
CVE-2020-14664

CVE-2020-14803

Environment

Release : 9.3

Release : 9.4

Component : API GTW ENTERPRISE MANAGER

Resolution

The vulnerabilities in Java could affect API Gateway.

For Gateway Software:
For Gateway version 9.4 CR3, we recommend AdoptOpenJDK 8u222+
For Gateway version 9.4 CR4, we recommend AdoptOpenJDK 8u232+
For Gateway version 9.4 CR5, we recommend AdoptOpenJDK 8u252+

Please upgrade (integrate) to a JDK that fixes the problem.
Please note that for the software version, Java must be upgraded or migrated on the customer's side.
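
The following check is an added example, not part of the original article or of any Broadcom tooling: it compares the JDK 8 update level reported by `java -version` with the minimum recommended above for each 9.4 CR level. The function names are hypothetical, and the version lines in the demo calls are constructed samples in the usual `openjdk version "1.8.0_NNN"` form.

```shell
#!/bin/sh
# Minimum AdoptOpenJDK 8 update per Gateway 9.4 CR level (values from the article).
min_update_for_cr() {
    case "$1" in
        CR3) echo 222 ;;
        CR4) echo 232 ;;
        CR5) echo 252 ;;
        *)   return 1 ;;   # the article gives no recommendation for other levels
    esac
}

# Print the update number NNN from a 'version "1.8.0_NNN..."' line.
# Returns non-zero when no JDK 8 version string is found (e.g. JDK 11 output).
jdk8_update() {
    printf '%s\n' "$1" |
        sed -n 's/.*version "1\.8\.0_\([0-9][0-9]*\)[^"]*".*/\1/p' |
        head -n 1 | grep .
}

# check_jdk <CR level> <java -version output>
# Prints a verdict; returns 0 = meets recommendation, 1 = outdated, 2 = unknown.
check_jdk() {
    cr=$1
    version_text=$2
    min=$(min_update_for_cr "$cr") || {
        echo "UNKNOWN: no recommendation for $cr"; return 2; }
    have=$(jdk8_update "$version_text") || {
        echo "UNKNOWN: not a JDK 8 version string"; return 2; }
    if [ "$have" -ge "$min" ]; then
        echo "OK: 8u$have >= 8u$min ($cr)"
    else
        echo "OUTDATED: 8u$have < 8u$min ($cr)"
        return 1
    fi
}

# Constructed sample lines. On a Gateway host, pass the real output instead:
#   check_jdk CR5 "$(java -version 2>&1)"
check_jdk CR5 'openjdk version "1.8.0_232"' || true
check_jdk CR4 'openjdk version "1.8.0_252"' || true
```

The non-zero return codes let the check be used as a gate in a patching or compliance script.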