Layer 7 API gateway is not affected by openssl CVE-2024-12797

Article ID: 388153

Products

CA API Gateway

Issue/Introduction

CVE-2024-12797 could allow an attacker to carry out an adversary-in-the-middle (AitM) attack and intercept TLS communications between a client and a server that are supposed to be secure.

Resolution

This issue was introduced in the initial implementation of raw public key (RPK) support in OpenSSL 3.2, while gateway 11.1 is on OpenSSL 3.0.x:

-- The last 11.1 MPP (January): openssl_3.0.15-1~deb12u1_amd64.deb

-- Earlier versions of the gateway have lower versions of OpenSSL.

So the gateway is not affected.

Note that RHEL 9 is affected as per https://access.redhat.com/security/cve/CVE-2024-12797
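
To confirm the same reasoning on a given node, the check below compares an OpenSSL version string with the 3.2 release line in which RPK support first appears. It is an added example, not Broadcom tooling; the function names and the result labels (`predates-rpk`, `needs-review`, `unknown`) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Broadcom tooling. Applies the article's reasoning:
# RPK support (and with it CVE-2024-12797) first appears in upstream
# OpenSSL 3.2, so an upstream version below 3.2 predates the affected code.
# Caveat: this compares upstream version numbers only. For a distribution
# build, the distributor's advisory is authoritative.

# Reduce a Debian package version ("3.0.15-1~deb12u1", optional epoch) or
# `openssl version` output ("OpenSSL 3.0.15 ...") to "major.minor.patch".
upstream_version() (
    v="${1#OpenSSL }"      # drop the "OpenSSL " prefix if present
    v="${v%% *}"           # keep the first token
    v="${v#*:}"            # drop a Debian epoch such as "1:"
    v="${v%%-*}"           # drop the Debian revision
    v="${v%%[!0-9.]*}"     # drop letter suffixes such as the "w" in 1.1.1w
    printf '%s\n' "$v"
)

# Prints predates-rpk, needs-review, or unknown.
classify_openssl() (
    ver=$(upstream_version "$1")
    case "$ver" in
        *.*) ;;
        *) echo unknown; exit 0 ;;
    esac
    major="${ver%%.*}"
    rest="${ver#*.}"
    minor="${rest%%.*}"
    case "$major/$minor" in
        */|/*|*[!0-9/]*) echo unknown; exit 0 ;;
    esac
    if [ "$major" -lt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -lt 2 ]; }; then
        echo predates-rpk
    else
        # 3.2 or later: look up the fixed release in the OpenSSL advisory.
        echo needs-review
    fi
)

# Constructed sample inputs; the first is the package named in the article.
for sample in "3.0.15-1~deb12u1" "OpenSSL 3.2.1 (constructed)" "1:1.1.1w-0+deb11u1"; do
    printf '%-30s %s\n' "$sample" "$(classify_openssl "$sample")"
done
# On a gateway node (assumes a Debian-based image with dpkg):
#   classify_openssl "$(dpkg-query -W -f='${Version}' openssl)"
```

A `needs-review` result only means the version is at or above 3.2; it does not by itself mean the build is vulnerable.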
