About OracleJDK Vulnerability - API Portal

Document ID : KB000095940
Last Modified Date : 14/06/2018
Show Technical Document Details
Question:
Does API Portal take the influence of the security vulnerability? 
If so, is the fix included in the product? 

・CVE-2018-2783 
・CVE-2018-2795 
・CVE-2018-2798 
・CVE-2018-2800 
・CVE-2018-2796 
・CVE-2017-10090 
・CVE-2017-10101 
・CVE-2017-10096 
・CVE-2017-10110 
・CVE-2017-10087 
・CVE-2017-10107 
・CVE-2017-10089 
・CVE-2017-10102 
・CVE-2017-10346 
・CVE-2017-10285 
・CVE-2017-10115 
・CVE-2017-10118 
・CVE-2017-10176 
・CVE-2017-10067 
・CVE-2017-10116 
・CVE-2017-10074 
・CVE-2017-10309 
・CVE-2017-10388 
・CVE-2017-10274 
・CVE-2018-2814
Environment:
CA API Developer Portal - 3.1
CA API Developer Portal - 3.5
Answer:
API Portal is not affected by these vulnerabilities.

CVE-2018-2783 : Portal does not expose any ports used by the Java Security component
CVE-2018-2795 : Portal does not use serialization for any of its functionality
CVE-2018-2798 : Portal does not use serialization for any of its functionality
CVE-2018-2800 : Portal does not use RMI for any of its functionality
CVE-2018-2796 : Portal does not use Java serialization for any functionality
CVE-2017-10067 : Does not affect server deployments
CVE-2017-10074 : Does not affect server deployments
CVE-2017-10087 : Does not affect server deployments
CVE-2017-10089 : Does not affect server deployments
CVE-2017-10090 : Does not affect server deployments
CVE-2017-10096 : Does not affect server deployments
CVE-2017-10101 : Does not affect server deployments
CVE-2017-10102 : API Portal does not use or expose RMI
CVE-2017-10107 : Does not affect server deployments
CVE-2017-10110 : Does not affect server deployments
CVE-2017-10116 : API Portal does not use LDAPCertStore
CVE-2017-10274 : Does not affect server deployments
CVE-2017-10285 : Does not affect server deployments
CVE-2017-10309 : Does not affect server deployments
CVE-2017-10346 : Does not affect server deployments
CVE-2017-10388 : API Portal does not use Kerberos
CVE-2018-2814   : Does not affect server deployments

API Portal is not likely to be these vulnerabilities.

CVE-2017-10115 :  Addressed in Java 8u161 which is included with 3.5CR7
CVE-2017-10118 :  Addressed in Java 8u141. 3.5CR7 includes Java 8u161.
CVE-2017-10176 :  Addressed in Java 8u141. 3.5CR7 includes Java 8u161.