API-GW Vulnerability (CVE-2018-2562)

Document ID : KB000111959
Last Modified Date : 30/08/2018
Show Technical Document Details
Question:
Does API Gateway take the influence of the security vulnerability?
If so, is the fix included in the product?

・CVE-2018-2562
Environment:
API Gateway 8.x
API Gateway 9.x
 
Answer:
Latest MPP already has the updated versions for mysql components as per below, which contains the fix for this CVE so if the customer has applied the latest MPP, this vulnerability should not affect them.
This CVE was resolved by Jan 2018 MPP.



=======
CVE-2018-2562 affects versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior.
July 2018 MPP contains:

MySQL-client-advanced-5.5.60-1.el6.x86_64.rpm
mysql-commercial-client-5.7.22-1.1.el6.x86_64.rpm
mysql-commercial-common-5.7.22-1.1.el6.x86_64.rpm
mysql-commercial-libs-5.7.22-1.1.el6.x86_64.rpm
mysql-commercial-libs-compat-5.7.22-1.1.el6.x86_64.rpm
mysql-commercial-server-5.7.22-1.1.el6.x86_64.rpm
MySQL-server-advanced-5.5.60-1.el6.x86_64.rpm
MySQL-shared-advanced-5.5.60-1.el6.x86_64.rpm
MySQL-shared-compat-advanced-5.5.60-1.el6.x86_64.rpm