We are using API gateway versions 10.1 and 10.0.
A vulnerability has been released as follows.
Are we affected in the current situation? Do you have any suggestions for this vulnerability?
https://www.tarlogic.com/blog/cve-2022-42889-critical-vulnerability-affects-apache-commons-text/
Release : 10.1
In the Gateway, commons text library usage is limited to XML escaping functionality and does not use 'commons-text' interpolators for string lookups, so there is no impact on the Gateway.
All other APIM products (Portal, OTK, and MAG) do not use the commons-text library.
The impacted Apache Common Text libraries were replaced in the 10.1 CR03 release.