Does CVE-2019-11068 affect OVA API Gateway?

Article ID: 192605

Products

- CA API Gateway
- API SECURITY
- CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7)
- CA API Gateway Enterprise Service Manager (Layer 7)
- STARTER PACK-7
- CA Microgateway

Issue/Introduction

How to address the vulnerability CVE-2019-11068?

Environment

Release : 9.4

Component : API GATEWAY

Resolution

According to the Red Hat and Oracle advisories:

https://access.redhat.com/security/cve/CVE-2019-11068

https://www.oracle.com/security-alerts/cpuoct2019.html

CVE-2019-11068 is a vulnerability in libxslt, but the appliance gateway (OVA) does not have libxslt installed.

This can be checked with the following command:

rpm -aq|grep libxslt

Conclusions:

- The appliance gateway is not impacted. This has been verified from gateway 9.2 up to gateway 10.

- For other form factors of the gateway, it is up to the system administrator to address the problem.
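
For other form factors, where the administrator owns the host OS, the package check above can be made more precise. The script below is an added example, not Broadcom's own tooling: it matches only the libxslt package itself (a plain grep also matches names such as libxslt-devel) and then looks for the CVE in the RPM changelog, on the assumption that the OS vendor lists backported fixes there. The function names and the sample package strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a host's libxslt exposure to CVE-2019-11068.
CVE="CVE-2019-11068"

# classify PKG_LIST CHANGELOG
#   PKG_LIST  - output of `rpm -qa` (one package per line)
#   CHANGELOG - output of `rpm -q --changelog libxslt` (may be empty)
# Prints one of: not-installed | fix-listed | needs-review
classify() {
    # Match the libxslt package itself, not libxslt-devel or language bindings.
    if ! printf '%s\n' "$1" | grep -Eq '^libxslt-[0-9]'; then
        echo "not-installed"
    elif printf '%s\n' "$2" | grep -Fq "$CVE"; then
        echo "fix-listed"      # changelog names the CVE (assumed vendor convention)
    else
        echo "needs-review"    # installed, and no changelog entry for the CVE
    fi
}

# Query the live RPM database; only meaningful on RPM-based systems.
check_host() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm-unavailable"; return 0; }
    classify "$(rpm -qa 2>/dev/null)" \
             "$(rpm -q --changelog libxslt 2>/dev/null)"
}

# Constructed sample data (placeholder versions, not taken from a real gateway).
SAMPLE_PKGS_ABSENT='glibc-2.0.0-1.example.x86_64
libxml2-2.0.0-1.example.x86_64'
SAMPLE_PKGS_PRESENT='libxml2-2.0.0-1.example.x86_64
libxslt-1.1.0-1.example.x86_64'
SAMPLE_CHANGELOG='* Wed Jan 01 2020 Packager <packager@example.com> - 1.1.0-2
- Fix CVE-2019-11068'

echo "sample, libxslt absent:        $(classify "$SAMPLE_PKGS_ABSENT" "")"
echo "sample, present with fix note: $(classify "$SAMPLE_PKGS_PRESENT" "$SAMPLE_CHANGELOG")"
echo "sample, present without note:  $(classify "$SAMPLE_PKGS_PRESENT" "")"
echo "this host:                     $(check_host)"
```

A result of needs-review means the package is present and the changelog does not mention the CVE, so the installed build should be compared against the OS vendor's advisory.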

 

Additional Information

https://access.redhat.com/security/cve/CVE-2019-11068

https://www.oracle.com/security-alerts/cpuoct2019.html