Spring Framework CVEs in Gateway
Article ID: 395191
Updated On: 04-23-2025
Products
CA API Gateway
Issue/Introduction
Security scan found the following Spring framework CVEs in Gateway 11.1.1.
CVE-2024-38808
CVE-2024-38809
CVE-2024-38816
CVE-2024-38828
Environment
API Gateway
Resolution
- CVE-2024-38816 is a high impact vulnerability and it affects WebMvc.fn or WebFlux.fn components. These components are not used in Gateway, so no impact on Gateway.
- CVE-2024-38808, CVE-2024-38809, and CVE-2024-38828 are medium impact vulnerability and these will be tentatively addressed in the next release of the gateway 11.1.3. This version is expected to be available in September 2025.
Feedback
Was this article helpful?
Yes
No
Powered by
