Question: Question about the following CEVs.
･ CVE-2018-1270 (vulnerability in Spring Framework)
･ CVE-2018-1271 (Directory Traversal with Spring MVC on Windows)
･ CVE-2018-1272 (Multipart Content Pollution with Spring Framework)
･ CVE-2018-1273 ( RCE with Spring Data Commons)
･ CVE-2018-1274 (Denial of Service with Spring Data)
･ CVE-2018-1258 (Unauthorized Access with Spring Security Method Security)
･ CVE-2018-1259 ( XXE with Spring Data’s XMLBeam integration)
･ CVE-2018-1260 ( Remote Code Execution with spring-security-oauth2)
･ CVE-2018-1263 ( Unsafe Unzip with spring-integration-zip)
Does API Portal take the influence of the security vulnerability? If so, does the CA provide that FIX?
･ CVE-2018-1270 : API Portal 3.x does not use Spring Messaging so it is not vulnerable.
･ CVE-2018-1271 : It is only an issue on Windows. Also Spring MVC is not used by the Portal 3.x
･ CVE-2018-1272 : multipart functionality of Spring is not used by the Portal 3.x
･ CVE-2018-1273 : Spring Data REST backed HTTP resources are not implemented on the Portal. Therefore, Portal 3.x are not vulnerable.
･ CVE-2018-1274 : Spring Data REST endpoints are not used by the Portal 3.x
･ CVE-2018-1258: Portal does not use Spring Security module.
･ CVE-2018-1259: Portal does not use Spring Data Commons module.
･ CVE-2018-1260: Portal does not use Spring Security Oauth2 module.
･ CVE-2018-1263: Portal does not use Spring Integration Zip module.