Vulnerability in CVE-2019-19956 (API Portal )

book

Article ID: 206613

calendar_today

Updated On:

Products

CA API Developer Portal

Issue/Introduction

Does API Portal take the influence of the security vulnerability?
If so, is the fix included in the product?

・CVE-2019-19956

Cause

The issues with CVE-2019-19956 are:
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related.

Environment

Release : 4.3.2

Component : API PORTAL

Resolution

libxml2 is an OS library.
API Portal does not use OS libraries directly.
Therefore, the API Portal itself is not affected by this vulnerability.

But many Linux commands will rely on it. 
So recommend upgrade their OS, and apply the patch from the OS vendor.