We've got the API Portal running in a test environment. When running a Security Tollgate check, we found several vulnerabilities with a severity of critical or important.
Is API Portal 5.3.x impacted by these reported CVEs?
API Portal 5.3.x
See comments in table below:
Container Name | Component | CVE | Fixable | CVE Fixed In | Severity | CVSS | Reference | Comments | Remediation Comment |
apim | cxf | CVE-2019-12419 | TRUE | 3.2.11 | CRITICAL | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12419 | Updated in 5.3.1. OpenId Connect service and access tokens are not used | |
pssg | cxf | CVE-2019-12419 | TRUE | 3.2.11 | CRITICAL | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12419 | Removed in 5.3.1 | |
apim | cxf | CVE-2019-12423 | TRUE | 3.2.12 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-12423 | Updated in 5.3.1. OpenId Connect JWK Keys service is not used | |
pssg | cxf | CVE-2019-12423 | TRUE | 3.2.12 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-12423 | Removed in 5.3.1 | |
rabbitmq | libssh2 | CVE-2020-22218 | TRUE | 1.9.0-2+deb11u1 | IMPORTANT | 7.5 | https://security-tracker.debian.org/tracker/CVE-2020-22218 | Resolved in 5.3; 5.3.1 is not affected | 5.3 was patched, and 5.3.1 uses the latest version and is not affected. |
tenant-provisioner | mybatis | CVE-2020-26945 | TRUE | 3.5.6 | IMPORTANT | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-26945 | Portal 5.3 and 5.3.1 both are not affected | |
analytics-server | jackson-databind | CVE-2020-36518 | TRUE | 2.12.6.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36518 | Portal 5.3 and 5.3.1 both are not affected | |
apim | jackson-databind | CVE-2020-36518 | TRUE | 2.12.6.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36518 | Already mitigated in GW 11.1 and 11.1.1. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | The Jackson library is utilized in Liquibase 4.5.0, and it is an internal component of the gateway. Importantly, there is no possibility of injecting malicious data that Liquibase would inadvertently parse. |
apim | jackson-databind | CVE-2020-36518 | TRUE | 2.13.2.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36518 | Already mitigated in GW 11.1 and 11.1.1. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | The Jackson library is utilized in Liquibase 4.5.0, and it is an internal component of the gateway. Importantly, there is no possibility of injecting malicious data that Liquibase would inadvertently parse. |
authenticator | jackson-databind | CVE-2020-36518 | TRUE | 2.12.6.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36518 | Portal 5.3 and 5.3.1 both are not affected | |
portal-data | jackson-databind | CVE-2020-36518 | TRUE | 2.12.6.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36518 | Portal 5.3 and 5.3.1 both are not affected | |
portal-enterprise | jackson-databind | CVE-2020-36518 | TRUE | 2.12.6.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36518 | Portal 5.3 and 5.3.1 both are not affected | |
pssg | jackson-databind | CVE-2020-36518 | TRUE | 2.12.6.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36518 | Removed in 5.3.1 | |
pssg | jackson-databind | CVE-2020-36518 | TRUE | 2.13.2.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36518 | Removed in 5.3.1 | |
apim | cxf | CVE-2021-22696 | TRUE | 3.3.10 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-22696 | GW 11.1 and GW 11.1.1 are not affected. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | The affected class JwtRequestCodeFilter through which this vulnerability is exposed is not on the classpath. |
pssg | cxf | CVE-2021-22696 | TRUE | 3.3.10 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-22696 | Removed in 5.3.1 | |
apim | cxf | CVE-2021-30468 | TRUE | 3.3.11 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30468 | GW 11.1 and GW 11.1.1 are not affected. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | The affected class JsonMapObjectReaderWriter is not on the classpath. |
pssg | cxf | CVE-2021-30468 | TRUE | 3.3.11 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30468 | Removed in 5.3.1 | |
apim | netty | CVE-2021-37136 | TRUE | 4.1.68 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-37136 | GW 11.1 and GW 11.1.1 are not affected. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | Gateway is not using the affected class Bzip2Decoder |
pssg | netty | CVE-2021-37136 | TRUE | 4.1.68 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-37136 | Removed in 5.3.1 | |
apim | netty | CVE-2021-37137 | TRUE | 4.1.68 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-37137 | GW 11.1 and GW 11.1.1 are not affected. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | Gateway is not using the affected class SnappyFrameDecoder |
pssg | netty | CVE-2021-37137 | TRUE | 4.1.68 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-37137 | Removed in 5.3.1 | |
analytics-server | jackson-databind | CVE-2021-46877 | TRUE | 2.12.6 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46877 | Portal 5.3 and 5.3.1 both are not affected | |
apim | jackson-databind | CVE-2021-46877 | TRUE | 2.12.6 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46877 | Already mitigated in GW 11.1 and 11.1.1. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | The Jackson library is utilized in Liquibase 4.5.0, and it is an internal component of the gateway. Importantly, there is no possibility of injecting malicious data that Liquibase would inadvertently parse. |
authenticator | jackson-databind | CVE-2021-46877 | TRUE | 2.12.6 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46877 | Portal 5.3 and 5.3.1 both are not affected | |
portal-data | jackson-databind | CVE-2021-46877 | TRUE | 2.12.6 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46877 | Portal 5.3 and 5.3.1 both are not affected | |
portal-enterprise | jackson-databind | CVE-2021-46877 | TRUE | 2.12.6 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46877 | Portal 5.3 and 5.3.1 both are not affected | |
pssg | jackson-databind | CVE-2021-46877 | TRUE | 2.12.6 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46877 | Removed in 5.3.1 | |
apim | woodstox | CVE-2022-40152 | TRUE | 5.4.0 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40152 | GW 11.1 and GW 11.1.1 are not affected. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | The vulnerable functionality of woodstox is not being used in the Gateway use case |
pssg | woodstox | CVE-2022-40152 | TRUE | 5.4.0 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40152 | Removed in 5.3.1 | |
apim | netty | CVE-2022-41881 | TRUE | 4.1.86 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41881 | GW 11.1 and GW 11.1.1 are not affected. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | The vulnerable class/functionality is not being used by the Cassandra driver in GW. |
pssg | netty | CVE-2022-41881 | TRUE | 4.1.86 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41881 | Removed in 5.3.1 | |
analytics-server | jackson-databind | CVE-2022-42003 | TRUE | 2.12.7.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42003 | Portal 5.3 and 5.3.1 both are not affected. | |
analytics-server | jackson-databind | CVE-2022-42003 | TRUE | 2.12.7.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42003 | Portal 5.3 and 5.3.1 both are not affected. | |
apim | jackson-databind | CVE-2022-42003 | TRUE | 2.12.7.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42003 | Already mitigated in GW 11.1 and 11.1.1. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | The Jackson library is utilized in Liquibase 4.5.0, and it is an internal component of the gateway. Importantly, there is no possibility of injecting malicious data that Liquibase would inadvertently parse. |
apim | jackson-databind | CVE-2022-42003 | TRUE | 2.13.4.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42003 | Already mitigated in GW 11.1 and 11.1.1. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | The Jackson library is utilized in Liquibase 4.5.0, and it is an internal component of the gateway. Importantly, there is no possibility of injecting malicious data that Liquibase would inadvertently parse. |
authenticator | jackson-databind | CVE-2022-42003 | TRUE | 2.12.7.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42003 | Portal 5.3 and 5.3.1 both are not affected. | |
ingestion-server | jackson-databind | CVE-2022-42003 | TRUE | 2.12.7.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42003 | Portal 5.3 and 5.3.1 both are not affected. | |
portal-data | jackson-databind | CVE-2022-42003 | TRUE | 2.12.7.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42003 | Portal 5.3 and 5.3.1 both are not affected. | |
portal-enterprise | jackson-databind | CVE-2022-42003 | TRUE | 2.12.7.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42003 | Portal 5.3 and 5.3.1 both are not affected. | |
pssg | jackson-databind | CVE-2022-42003 | TRUE | 2.12.7.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42003 | Removed in 5.3.1 | |
pssg | jackson-databind | CVE-2022-42003 | TRUE | 2.13.4.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42003 | Removed in 5.3.1 | |
analytics-server | jackson-databind | CVE-2022-42004 | TRUE | 2.12.7.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42004 | Portal 5.3 and 5.3.1 both are not affected. | |
analytics-server | jackson-databind | CVE-2022-42004 | TRUE | 2.12.7.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42004 | Portal 5.3 and 5.3.1 both are not affected. | |
apim | jackson-databind | CVE-2022-42004 | TRUE | 2.12.7.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42004 | Already mitigated in GW 11.1 and 11.1.1. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | The Jackson library is utilized in Liquibase 4.5.0, and it is an internal component of the gateway. Importantly, there is no possibility of injecting malicious data that Liquibase would inadvertently parse. |
apim | jackson-databind | CVE-2022-42004 | TRUE | 2.13.4 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42004 | Already mitigated in GW 11.1 and 11.1.1. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | The Jackson library is utilized in Liquibase 4.5.0, and it is an internal component of the gateway. Importantly, there is no possibility of injecting malicious data that Liquibase would inadvertently parse. |
authenticator | jackson-databind | CVE-2022-42004 | TRUE | 2.12.7.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42004 | Portal 5.3 and 5.3.1 both are not affected. | |
ingestion-server | jackson-databind | CVE-2022-42004 | TRUE | 2.12.7.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42004 | Portal 5.3 and 5.3.1 both are not affected. | |
portal-data | jackson-databind | CVE-2022-42004 | TRUE | 2.12.7.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42004 | Portal 5.3 and 5.3.1 both are not affected. | |
portal-enterprise | jackson-databind | CVE-2022-42004 | TRUE | 2.12.7.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42004 | Portal 5.3 and 5.3.1 both are not affected. | |
pssg | jackson-databind | CVE-2022-42004 | TRUE | 2.12.7.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42004 | Removed in 5.3.1 | |
pssg | jackson-databind | CVE-2022-42004 | TRUE | 2.13.4 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42004 | Removed in 5.3.1 | |
analytics-server | tomcat | CVE-2022-42252 | TRUE | 9.0.68 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42252 | Portal 5.3 and 5.3.1 both are not affected. | |
analytics-server | tomcat | CVE-2022-45143 | TRUE | 9.0.69 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45143 | Portal 5.3 and 5.3.1 both are not affected. | |
apim | cxf | CVE-2022-46363 | TRUE | 3.4.10 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46363 | GW 11.1 and GW 11.1.1 are not affected. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | GW is not using vulnerable attributes. |
pssg | cxf | CVE-2022-46363 | TRUE | 3.4.10 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46363 | Removed in 5.3.1 | |
apim | cxf | CVE-2022-46364 | TRUE | 3.4.10 | CRITICAL | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46364 | GW 11.1 and GW 11.1.1 are not affected. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | GW is not using Apache CXF jar on MTOM Assertion. |
pssg | cxf | CVE-2022-46364 | TRUE | 3.4.10 | CRITICAL | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46364 | Removed in 5.3.1 | |
analytics-server | spring_boot | CVE-2023-20873 | TRUE | 2.5.15 | CRITICAL | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20873 | Portal 5.3 and 5.3.1 both are not affected. | |
authenticator | spring_boot | CVE-2023-20873 | TRUE | 2.5.15 | CRITICAL | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20873 | Portal 5.3 and 5.3.1 both are not affected. | |
ingestion-server | spring_boot | CVE-2023-20873 | TRUE | 2.5.15 | CRITICAL | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20873 | Portal 5.3 and 5.3.1 both are not affected. | |
portal-data | spring_boot | CVE-2023-20873 | TRUE | 2.5.15 | CRITICAL | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20873 | Portal 5.3 and 5.3.1 both are not affected. | |
portal-enterprise | spring_boot | CVE-2023-20873 | TRUE | 2.5.15 | CRITICAL | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20873 | Portal 5.3 and 5.3.1 both are not affected. | |
tenant-provisioner | spring_boot | CVE-2023-20873 | TRUE | 2.5.15 | CRITICAL | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20873 | Portal 5.3 and 5.3.1 both are not affected. | |
portal-data | commons_fileupload | CVE-2023-24998 | TRUE | 1.5 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24998 | Portal 5.3 and 5.3.1 both are not affected. | |
portal-enterprise | commons_fileupload | CVE-2023-24998 | TRUE | 1.5 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24998 | Portal 5.3 and 5.3.1 both are not affected. | |
tenant-provisioner | mybatis | CVE-2023-25330 | TRUE | 3.5.3.1 | CRITICAL | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25330 | Portal 5.3 and 5.3.1 both are not affected. | |
apim | guava | CVE-2023-2976 | TRUE | 32.0.0 | IMPORTANT | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2976 | GW 11.1 and GW 11.1.1 are not affected. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | FileBackedOutputStream is not used in the gateway |
apim | guava | CVE-2023-2976 | TRUE | 32.0.0 | IMPORTANT | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2976 | GW 11.1 and GW 11.1.1 are not affected. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | FileBackedOutputStream is not used in the gateway |
pssg | guava | CVE-2023-2976 | TRUE | 32.0.0 | IMPORTANT | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2976 | Removed in 5.3.1 | |
pssg | guava | CVE-2023-2976 | TRUE | 32.0.0 | IMPORTANT | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2976 | Removed in 5.3.1 | |
portal-data | struts | CVE-2023-34396 | TRUE | 2.5.31 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-34396 | Portal 5.3 and 5.3.1 both are not affected. | |
analytics-server | snappy-java | CVE-2023-34453 | TRUE | 1.1.10.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-34453 | Portal 5.3 and 5.3.1 both are not affected. | |
ingestion-server | snappy-java | CVE-2023-34453 | TRUE | 1.1.10.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-34453 | Portal 5.3 and 5.3.1 both are not affected. | |
analytics-server | snappy-java | CVE-2023-34454 | TRUE | 1.1.10.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-34454 | Portal 5.3 and 5.3.1 both are not affected. | |
ingestion-server | snappy-java | CVE-2023-34454 | TRUE | 1.1.10.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-34454 | Portal 5.3 and 5.3.1 both are not affected. | |
analytics-server | snappy-java | CVE-2023-34455 | TRUE | 1.1.10.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-34455 | Portal 5.3 and 5.3.1 both are not affected. | |
ingestion-server | snappy-java | CVE-2023-34455 | TRUE | 1.1.10.1 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-34455 | Portal 5.3 and 5.3.1 both are not affected. | |
apim | okio | CVE-2023-3635 | TRUE | 1.17.6 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3635 | GW 11.1 and GW 11.1.1 are not affected. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | |
authenticator | okio | CVE-2023-3635 | TRUE | 1.17.6 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3635 | Portal 5.3 and 5.3.1 both are not affected. | |
ingestion-server | okio | CVE-2023-3635 | TRUE | 1.17.6 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3635 | Portal 5.3 and 5.3.1 both are not affected. | |
portal-data | okio | CVE-2023-3635 | TRUE | 1.17.6 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3635 | Portal 5.3 and 5.3.1 both are not affected. | |
portal-enterprise | okio | CVE-2023-3635 | TRUE | 1.17.6 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3635 | Portal 5.3 and 5.3.1 both are not affected. | |
pssg | okio | CVE-2023-3635 | TRUE | 1.17.6 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3635 | Removed in 5.3.1 | |
analytics-server | snappy-java | CVE-2023-43642 | TRUE | 1.1.10.4 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43642 | Portal 5.3 and 5.3.1 both are not affected. | |
ingestion-server | snappy-java | CVE-2023-43642 | TRUE | 1.1.10.4 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43642 | Portal 5.3 and 5.3.1 both are not affected. | |
analytics-server | tomcat | CVE-2023-46589 | TRUE | 9.0.83 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46589 | Portal 5.3 and 5.3.1 both are not affected. | |
rabbitmq | perl | CVE-2023-47038 | TRUE | 5.32.1-4+deb11u3 | IMPORTANT | 7.8 | https://security-tracker.debian.org/tracker/CVE-2023-47038 | Portal 5.3 and 5.3.1 both are not affected. | |
analytics-server | expat | CVE-2023-52425 | TRUE | 2.6.0-r0 | IMPORTANT | 7.5 | https://www.cve.org/CVERecord?id=CVE-2023-52425 | 5.3 is not affected and 5.3.1 was already patched | |
authenticator | expat | CVE-2023-52425 | TRUE | 2.6.0-r0 | IMPORTANT | 7.5 | https://www.cve.org/CVERecord?id=CVE-2023-52425 | 5.3 is not affected and 5.3.1 was already patched | |
ingestion-server | expat | CVE-2023-52425 | TRUE | 2.6.0-r0 | IMPORTANT | 7.5 | https://www.cve.org/CVERecord?id=CVE-2023-52425 | 5.3 is not affected and 5.3.1 was already patched | |
portal-data | expat | CVE-2023-52425 | TRUE | 2.6.0-r0 | IMPORTANT | 7.5 | https://www.cve.org/CVERecord?id=CVE-2023-52425 | 5.3 is not affected and 5.3.1 was already patched | |
portal-enterprise | expat | CVE-2023-52425 | TRUE | 2.6.0-r0 | IMPORTANT | 7.5 | https://www.cve.org/CVERecord?id=CVE-2023-52425 | 5.3 is not affected and 5.3.1 was already patched | |
tenant-provisioner | expat | CVE-2023-52425 | TRUE | 2.6.0-r0 | IMPORTANT | 7.5 | https://www.cve.org/CVERecord?id=CVE-2023-52425 | 5.3 is not affected and 5.3.1 was already patched | |
analytics-server | logback | CVE-2023-6378 | TRUE | 1.2.13 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-6378 | Portal 5.3 and 5.3.1 both are not affected. | |
apim | logback | CVE-2023-6378 | TRUE | 1.2.13 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-6378 | GW 11.1 and GW 11.1.1 are not affected. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | logback receiver component is not used by API Gateway |
authenticator | logback | CVE-2023-6378 | TRUE | 1.2.13 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-6378 | Portal 5.3 and 5.3.1 both are not affected. | |
ingestion-server | logback | CVE-2023-6378 | TRUE | 1.2.13 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-6378 | Portal 5.3 and 5.3.1 both are not affected. | |
pssg | logback | CVE-2023-6378 | TRUE | 1.2.13 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-6378 | Removed in 5.3.1 | |
rabbitmq | gnutls28 | CVE-2024-0553 | TRUE | 3.7.1-5+deb11u5 | IMPORTANT | 7.5 | https://security-tracker.debian.org/tracker/CVE-2024-0553 | 5.3.1 is not affected and 5.3 was already patched | |
rabbitmq | gnutls28 | CVE-2024-0567 | TRUE | 3.7.1-5+deb11u5 | IMPORTANT | 7.5 | https://security-tracker.debian.org/tracker/CVE-2024-0567 | 5.3.1 is not affected and 5.3 was already patched | |
apim | cxf | CVE-2024-29736 | TRUE | 3.5.9 | CRITICAL | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-29736 | GW 11.1.1 is not affected but GW 11.1 is vulnerable. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | |
pssg | cxf | CVE-2024-29736 | TRUE | 3.5.9 | CRITICAL | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2024-29736 | Removed in 5.3.1 | |
apim | cxf | CVE-2024-32007 | TRUE | 3.5.9 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-32007 | GW 11.1.1 is not affected but GW 11.1 is vulnerable. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | |
pssg | cxf | CVE-2024-32007 | TRUE | 3.5.9 | IMPORTANT | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2024-32007 | Removed in 5.3.1 | |
rabbitmq | krb5 | CVE-2024-37370 | TRUE | 1.18.3-6+deb11u5 | IMPORTANT | 7.5 | https://security-tracker.debian.org/tracker/CVE-2024-37370 | Portal 5.3 is vulnerable but 5.3.1 was already patched | |
rabbitmq | krb5 | CVE-2024-37371 | TRUE | 1.18.3-6+deb11u5 | CRITICAL | 9.1 | https://security-tracker.debian.org/tracker/CVE-2024-37371 | Portal 5.3 is vulnerable but 5.3.1 was already patched | |
analytics-server | expat | CVE-2024-45490 | TRUE | 2.6.3-r0 | CRITICAL | 9.8 | https://www.cve.org/CVERecord?id=CVE-2024-45490 | Portal 5.3 is vulnerable but 5.3.1 was already patched | |
authenticator | expat | CVE-2024-45490 | TRUE | 2.6.3-r0 | CRITICAL | 9.8 | https://www.cve.org/CVERecord?id=CVE-2024-45490 | Portal 5.3 is vulnerable but 5.3.1 was already patched | |
ingestion-server | expat | CVE-2024-45490 | TRUE | 2.6.3-r0 | CRITICAL | 9.8 | https://www.cve.org/CVERecord?id=CVE-2024-45490 | Portal 5.3 is vulnerable but 5.3.1 was already patched | |
portal-data | expat | CVE-2024-45490 | TRUE | 2.6.3-r0 | CRITICAL | 9.8 | https://www.cve.org/CVERecord?id=CVE-2024-45490 | Portal 5.3 is vulnerable but 5.3.1 was already patched | |
portal-enterprise | expat | CVE-2024-45490 | TRUE | 2.6.3-r0 | CRITICAL | 9.8 | https://www.cve.org/CVERecord?id=CVE-2024-45490 | Portal 5.3 is vulnerable but 5.3.1 was already patched | |
tenant-provisioner | expat | CVE-2024-45490 | TRUE | 2.6.3-r0 | CRITICAL | 9.8 | https://www.cve.org/CVERecord?id=CVE-2024-45490 | Portal 5.3 is vulnerable but 5.3.1 was already patched | |
analytics-server | expat | CVE-2024-45491 | TRUE | 2.6.3-r0 | CRITICAL | 9.8 | https://www.cve.org/CVERecord?id=CVE-2024-45491 | Portal 5.3 is vulnerable but 5.3.1 was already patched | |
authenticator | expat | CVE-2024-45491 | TRUE | 2.6.3-r0 | CRITICAL | 9.8 | https://www.cve.org/CVERecord?id=CVE-2024-45491 | Portal 5.3 is vulnerable but 5.3.1 was already patched | |
ingestion-server | expat | CVE-2024-45491 | TRUE | 2.6.3-r0 | CRITICAL | 9.8 | https://www.cve.org/CVERecord?id=CVE-2024-45491 | Portal 5.3 is vulnerable but 5.3.1 was already patched | |
portal-data | expat | CVE-2024-45491 | TRUE | 2.6.3-r0 | CRITICAL | 9.8 | https://www.cve.org/CVERecord?id=CVE-2024-45491 | Portal 5.3 is vulnerable but 5.3.1 was already patched | |
portal-enterprise | expat | CVE-2024-45491 | TRUE | 2.6.3-r0 | CRITICAL | 9.8 | https://www.cve.org/CVERecord?id=CVE-2024-45491 | Portal 5.3 is vulnerable but 5.3.1 was already patched | |
tenant-provisioner | expat | CVE-2024-45491 | TRUE | 2.6.3-r0 | CRITICAL | 9.8 | https://www.cve.org/CVERecord?id=CVE-2024-45491 | Portal 5.3 is vulnerable but 5.3.1 was already patched | |
analytics-server | expat | CVE-2024-45492 | TRUE | 2.6.3-r0 | CRITICAL | 9.8 | https://www.cve.org/CVERecord?id=CVE-2024-45492 | Portal 5.3 is vulnerable but 5.3.1 was already patched | |
authenticator | expat | CVE-2024-45492 | TRUE | 2.6.3-r0 | CRITICAL | 9.8 | https://www.cve.org/CVERecord?id=CVE-2024-45492 | Portal 5.3 is vulnerable but 5.3.1 was already patched | |
ingestion-server | expat | CVE-2024-45492 | TRUE | 2.6.3-r0 | CRITICAL | 9.8 | https://www.cve.org/CVERecord?id=CVE-2024-45492 | Portal 5.3 is vulnerable but 5.3.1 was already patched | |
portal-data | expat | CVE-2024-45492 | TRUE | 2.6.3-r0 | CRITICAL | 9.8 | https://www.cve.org/CVERecord?id=CVE-2024-45492 | Portal 5.3 is vulnerable but 5.3.1 was already patched | |
portal-enterprise | expat | CVE-2024-45492 | TRUE | 2.6.3-r0 | CRITICAL | 9.8 | https://www.cve.org/CVERecord?id=CVE-2024-45492 | Portal 5.3 is vulnerable but 5.3.1 was already patched | |
tenant-provisioner | expat | CVE-2024-45492 | TRUE | 2.6.3-r0 | CRITICAL | 9.8 | https://www.cve.org/CVERecord?id=CVE-2024-45492 | Portal 5.3 is vulnerable but 5.3.1 was already patched | |
analytics-server | curl | CVE-2024-6197 | TRUE | 8.9.0-r0 | IMPORTANT | 7.5 | https://www.cve.org/CVERecord?id=CVE-2024-6197 | Portal 5.3 and 5.3.1 both are not affected. | |
authenticator | curl | CVE-2024-6197 | TRUE | 8.9.0-r0 | IMPORTANT | 7.5 | https://www.cve.org/CVERecord?id=CVE-2024-6197 | Portal 5.3 and 5.3.1 both are not affected. | |
dispatcher | curl | CVE-2024-6197 | TRUE | 8.9.0-r0 | IMPORTANT | 7.5 | https://www.cve.org/CVERecord?id=CVE-2024-6197 | Portal 5.3 and 5.3.1 both are not affected. | |
ingestion-server | curl | CVE-2024-6197 | TRUE | 8.9.0-r0 | IMPORTANT | 7.5 | https://www.cve.org/CVERecord?id=CVE-2024-6197 | Portal 5.3 and 5.3.1 both are not affected. | |
portal-data | curl | CVE-2024-6197 | TRUE | 8.9.0-r0 | IMPORTANT | 7.5 | https://www.cve.org/CVERecord?id=CVE-2024-6197 | Portal 5.3 and 5.3.1 both are not affected. | |
portal-enterprise | curl | CVE-2024-6197 | TRUE | 8.9.0-r0 | IMPORTANT | 7.5 | https://www.cve.org/CVERecord?id=CVE-2024-6197 | Portal 5.3 and 5.3.1 both are not affected. | |
tenant-provisioner | curl | CVE-2024-6197 | TRUE | 8.9.0-r0 | IMPORTANT | 7.5 | https://www.cve.org/CVERecord?id=CVE-2024-6197 | Portal 5.3 and 5.3.1 both are not affected. | |
apim | unbound-libs | RHSA-2024:0977 | TRUE | 0:1.16.2-3.el9_3.1 | IMPORTANT | 7.5 | https://access.redhat.com/errata/RHSA-2024:0977 | GW Debian 11 and 12 are already patched with the fix. | |
pssg | unbound-libs | RHSA-2024:0977 | TRUE | 0:1.16.2-3.el9_3.1 | IMPORTANT | 7.5 | https://access.redhat.com/errata/RHSA-2024:0977 | Removed in 5.3.1 | |
apim | unbound-libs | RHSA-2024:1750 | TRUE | 0:1.16.2-3.el9_3.5 | IMPORTANT | 8 | https://access.redhat.com/errata/RHSA-2024:1750 | GW Debian 11 and 12 are already patched with the fix. | |
pssg | unbound-libs | RHSA-2024:1750 | TRUE | 0:1.16.2-3.el9_3.5 | IMPORTANT | 8 | https://access.redhat.com/errata/RHSA-2024:1750 | Removed in 5.3.1 | |
apim | glibc | RHSA-2024:3339 | TRUE | 0:2.34-100.el9_4.2 | IMPORTANT | 8.8 | https://access.redhat.com/errata/RHSA-2024:3339 | GW 11.1 and GW 11.1.1 are not affected. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | |
apim | glibc | RHSA-2024:3339 | TRUE | 0:2.34-100.el9_4.2 | IMPORTANT | 8.8 | https://access.redhat.com/errata/RHSA-2024:3339 | GW 11.1 and GW 11.1.1 are not affected. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | |
apim | glibc-common | RHSA-2024:3339 | TRUE | 0:2.34-100.el9_4.2 | IMPORTANT | 8.8 | https://access.redhat.com/errata/RHSA-2024:3339 | GW 11.1 and GW 11.1.1 are not affected. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | |
apim | glibc-minimal-langpack | RHSA-2024:3339 | TRUE | 0:2.34-100.el9_4.2 | IMPORTANT | 8.8 | https://access.redhat.com/errata/RHSA-2024:3339 | GW 11.1 and GW 11.1.1 are not affected. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | |
pssg | glibc | RHSA-2024:3339 | TRUE | 0:2.34-100.el9_4.2 | IMPORTANT | 8.8 | https://access.redhat.com/errata/RHSA-2024:3339 | Removed in 5.3.1 | |
pssg | glibc | RHSA-2024:3339 | TRUE | 0:2.34-100.el9_4.2 | IMPORTANT | 8.8 | https://access.redhat.com/errata/RHSA-2024:3339 | Removed in 5.3.1 | |
pssg | glibc-common | RHSA-2024:3339 | TRUE | 0:2.34-100.el9_4.2 | IMPORTANT | 8.8 | https://access.redhat.com/errata/RHSA-2024:3339 | Removed in 5.3.1 | |
pssg | glibc-minimal-langpack | RHSA-2024:3339 | TRUE | 0:2.34-100.el9_4.2 | IMPORTANT | 8.8 | https://access.redhat.com/errata/RHSA-2024:3339 | Removed in 5.3.1 | |
apim | python-unversioned-command | RHSA-2024:4078 | TRUE | 0:3.9.18-3.el9_4.1 | IMPORTANT | 7.8 | https://access.redhat.com/errata/RHSA-2024:4078 | GW 11.1 and GW 11.1.1 are not affected. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | |
apim | python3 | RHSA-2024:4078 | TRUE | 0:3.9.18-3.el9_4.1 | IMPORTANT | 7.8 | https://access.redhat.com/errata/RHSA-2024:4078 | GW 11.1 and GW 11.1.1 are not affected. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | |
apim | python3-libs | RHSA-2024:4078 | TRUE | 0:3.9.18-3.el9_4.1 | IMPORTANT | 7.8 | https://access.redhat.com/errata/RHSA-2024:4078 | GW 11.1 and GW 11.1.1 are not affected. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | |
pssg | python3 | RHSA-2024:4078 | TRUE | 0:3.9.18-3.el9_4.1 | IMPORTANT | 7.8 | https://access.redhat.com/errata/RHSA-2024:4078 | Removed in 5.3.1 | |
pssg | python3-libs | RHSA-2024:4078 | TRUE | 0:3.9.18-3.el9_4.1 | IMPORTANT | 7.8 | https://access.redhat.com/errata/RHSA-2024:4078 | Removed in 5.3.1 | |
pssg | python-unversioned-command | RHSA-2024:4078 | TRUE | 0:3.9.18-3.el9_4.1 | IMPORTANT | 7.8 | https://access.redhat.com/errata/RHSA-2024:4078 | Removed in 5.3.1 | |
apim | python3-setuptools-wheel | RHSA-2024:5534 | TRUE | 0:53.0.0-12.el9_4.1 | IMPORTANT | 8.8 | https://access.redhat.com/errata/RHSA-2024:5534 | GW 11.1 and GW 11.1.1 are not affected. Portal 5.3 uses GW 11.1 and 5.3.1 uses GW 11.1.1 | |
pssg | python3-setuptools-wheel | RHSA-2024:5534 | TRUE | 0:53.0.0-12.el9_4.1 | IMPORTANT | 8.8 | https://access.redhat.com/errata/RHSA-2024:5534 | Removed in 5.3.1 | |