CVE-2024-12797 could allow an attacker to carry out an adversary in the middle attack (AitM) to intercept what is supposed to be secured TLS communications between a client and the server.

This issue was introduced in the initial implementation of RPK support in OpenSSL 3.2, while the gateway 11.1 is on openssl 3.0.x, 

-- The last Jan 11.1 MPP, openssl_3.0.15-1~deb12u1_amd64.deb

-- Earlier version of gateway has lower version of openssl.

So the gateway is not affected.

Note that RHEL 9 is affected as per https://access.redhat.com/security/cve/CVE-2024-12797

https://access.redhat.com/security/cve/CVE-2024-12797