About java vulnerability(CVE-2021-2369, CVE-2021-2388)

book

Article ID: 224026

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

Does API Gateway take the influence of the following vulnerability?
If so, is the fix included in the product?
   .  CVE-2021-2369
   .  CVE-2021-2388

Both of the above are JAVA vulnerabilities.
Affects JDK8u291 and earlier.
Gateway 9.4, 10 includes JDK 8u291 or earlier.

Is API Gateway affected by those CVEs?

Environment

Release : 10.0

Component : API GATEWAY

Resolution

Gateway distribution loads and runs only trusted code (custom assertions are also can be loaded only after signing).

Also, we do not support Java Web Start and Applets, so the mentioned vulnerabilities (CVE-2021-2369, CVE-2021-2388) will not affect the API Gateway.