search cancel

Vulnerability for "Guava" in API Developer Portal or Gateway

book

Article ID: 216207

calendar_today

Updated On:

Products

CA API Developer Portal

Issue/Introduction

Based on the URL below, the "Guava" library has a vulnerability in multiple versions.

https://www.cvedetails.com/cve/CVE-2018-10237/

 

Based on the URL below, version 14.0.1 & version 19 is on the list.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-developer-portal/4-5/third-party-software-acknowledgments.html

 

Is the API Developer Portal affected?

 

Environment

Release : 4.5

Component : API PORTAL

Resolution

The Guava vulnerability won't affect gateway, or portal.

In portal, all usages are very basic string operations, vulnerable code is not used.