ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

About java vulnerability(CVE-2021-2369, CVE-2021-2388)


Article ID: 224026


Updated On:


CA API Gateway


Does API Gateway take the influence of the following vulnerability?
If so, is the fix included in the product?
   .  CVE-2021-2369
   .  CVE-2021-2388

Both of the above are JAVA vulnerabilities.
Affects JDK8u291 and earlier.
Gateway 9.4, 10 includes JDK 8u291 or earlier.

Is API Gateway affected by those CVEs?


Release : 10.0

Component : API GATEWAY


Gateway distribution loads and runs only trusted code (custom assertions are also can be loaded only after signing).

Also, we do not support Java Web Start and Applets, so the mentioned vulnerabilities (CVE-2021-2369, CVE-2021-2388) will not affect the API Gateway.