About API vulnerability of API-GW

Document ID : KB000100856
Last Modified Date : 31/08/2018
Question:
Is API Gateway affected by the following security vulnerabilities?
If so, are the fixes included in the product?

・CVE-2017-10090 
・CVE-2017-10101 
・CVE-2017-10096 
・CVE-2017-10110 
・CVE-2017-10087 
・CVE-2017-10107 
・CVE-2017-10089 
・CVE-2017-10102 
・CVE-2017-10346 
・CVE-2017-10285 
・CVE-2017-10115 
・CVE-2017-10118 
・CVE-2017-10176 
・CVE-2017-10067 
・CVE-2017-10116 
・CVE-2017-10074 
・CVE-2017-10309 
・CVE-2017-10388 
・CVE-2017-10274
・CVE-2018-2796
・CVE-2018-2814 
Environment:
API Gateway 8.3
Answer:

・CVE-2017-10309: The version of Java used by API Gateway 8.3 is not affected by the vulnerability.

・CVE-2018-2796: The specific Java class in question (PriorityBlockingQueue) is not used by the Gateway application. API Gateway 8.3 is not affected by the vulnerability.

・CVE-2018-2814: This CVE typically only affects the client side, not the server deployment. API Gateway 8.3 is not affected by the vulnerability.

The following are resolved by applying 8.3.02.CR1.
CVE-2017-10090
CVE-2017-10101
CVE-2017-10096
CVE-2017-10110
CVE-2017-10087
CVE-2017-10107
CVE-2017-10089
CVE-2017-10102
CVE-2017-10118
CVE-2017-10176
CVE-2017-10067
CVE-2017-10116
CVE-2017-10074

The following are not yet addressed in 8.3.
Upgrading to 9.3 is recommended.
CVE-2017-10346
CVE-2017-10285
CVE-2017-10115
CVE-2017-10388
CVE-2017-10274