search cancel

CVE-2022-42889 critical vulnerability affects apache commons text

book

Article ID: 252541

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

We are using API gateway versions 10.1 and 10.0.
A vulnerability has been released as follows.
Are we affected in the current situation? Do you have any suggestions for this vulnerability?

https://www.tarlogic.com/blog/cve-2022-42889-critical-vulnerability-affects-apache-commons-text/

Environment

Release : 10.1

Resolution

In Gateway, commons text library usage is limited to XML escaping functionality and does not use 'commons-text' interpolators for string lookups, so no impact on Gateway.

All other APIM products (Portal, OTK, and MAG) do not use the commons-text library.