The Cyber Security group at our organization has identified a number of vulnerabilities in the Broadcom API Gateway. These boil down to needing an updated Java and OpenSSL.
Can you tell us when we can expect these or any other remediation that may be needed?
The details:
OpenSSL: Per CentOS Errata and Security Advisory 2022:1066 (CESA-2022:1066), the current version of the openssl plugin (openssl-1.0.2k-24.el7_9) and library (openssl-libs-1.0.2k-24.el7_9) need to be updated to version xxx.1.0.2k-25.el7_9; is there an oncoming patch release to mitigate these vulnerabilities?
Release : 10.1
Component : API GATEWAY
The OpenSSL update per CentOS Errata and Security Advisory 2022:1066 (CESA-2022:1066) has been added to the March Monthly Platform Patch for API Gateway 10.0.
Layer7_API_PlatformUpdate_64bit_v10.X-CentOS-2022-03-29.L7P
Gateway 10.1 before platform patch:
# rpm -qa openssl
openssl-1.0.2k-22.el7_9.x86_64
Gateway 10.1 after platform patch:
# rpm -qa openssl
openssl-1.0.2k-25.el7_9.x86_64
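The before/after check above covers only the openssl package, while the advisory also names openssl-libs. The following is an added example, not Broadcom's own tooling: a bash function that classifies a package string against the 1.0.2k-25.el7_9 build shown on this page. The names `check_nvr`, `FIXED_VERSION` and `FIXED_RELEASE` are assumptions made for this sketch, and it compares only the leading release number within the 1.0.2k el7 stream.

```bash
#!/usr/bin/env bash
# Added example: classify openssl / openssl-libs builds against the
# release shown on this page after the platform patch (1.0.2k-25.el7_9).

FIXED_VERSION="1.0.2k"
FIXED_RELEASE=25   # leading release number of openssl-1.0.2k-25.el7_9

# check_nvr NAME-VERSION-RELEASE[.ARCH]
# Prints PATCHED, NEEDS_PATCH or UNKNOWN; returns 0, 1 or 2.
check_nvr() {
    local nvr="$1" rest version release relnum
    case "$nvr" in
        openssl-libs-*) rest="${nvr#openssl-libs-}" ;;  # must precede openssl-*
        openssl-*)      rest="${nvr#openssl-}" ;;
        *) echo "UNKNOWN"; return 2 ;;
    esac
    version="${rest%%-*}"     # e.g. 1.0.2k
    release="${rest#*-}"      # e.g. 25.el7_9.x86_64
    relnum="${release%%.*}"   # e.g. 25

    # Only the 1.0.2k el7 stream is in scope; other subpackages
    # (openssl-devel, ...) and other streams are reported as UNKNOWN.
    [ "$version" = "$FIXED_VERSION" ] || { echo "UNKNOWN"; return 2; }
    case "$release" in *.el7*) ;; *) echo "UNKNOWN"; return 2 ;; esac
    case "$relnum" in ''|*[!0-9]*) echo "UNKNOWN"; return 2 ;; esac

    if [ "$relnum" -ge "$FIXED_RELEASE" ]; then
        echo "PATCHED"; return 0
    fi
    echo "NEEDS_PATCH"; return 1
}

# On a host with rpm, report both packages named in the advisory.
if command -v rpm >/dev/null 2>&1; then
    for pkg in openssl openssl-libs; do
        nvr=$(rpm -q "$pkg" 2>/dev/null) || nvr="$pkg-not-installed"
        printf '%s: %s\n' "$nvr" "$(check_nvr "$nvr")"
    done
fi
```

A result of UNKNOWN means the string is outside what this sketch compares and should be checked by hand.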