ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

CVE-2021-27905 - API Developer Portal

book

Article ID: 227908

calendar_today

Updated On:

Products

CA API Developer Portal

Issue/Introduction

Hi Support,

Based on the URL, it affects solr version 8.8.2 or before.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27905

 

As from the document, solr v5.2.1 & v5.3 have been adopted.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-developer-portal/4-5/third-party-software-acknowledgments.html

 

Can you please advise if any patch available for this CVE?

Thanks.

 

Environment

Release : 4.5

Component : API PORTAL

Resolution

This does not really apply to portal. We are not exposing it outside of the stack and not using clustering or allow passing "masterUrl" (also "leaderUrl" alias) parameter. This container is scheduled to be removed in 5.1 as well