API-GW Vulnerability (CVE-2018-5390)

Document ID : KB000112494
Last Modified Date : 30/08/2018
Show Technical Document Details
Question:
Does API Gateway take the influence of the security vulnerability? 
If so, is the fix included in the product? 

・CVE-2018-5390
Environment:
API Gateway 8.x
API Gateway 9.x
Answer:
Platform Update on August 2018 includes OS patches corresponding to CVE-2018-5390.
For the appliance version, please apply the following Platform Update.

https://support.ca.com/us/product-content/recommended-reading/technical-document-index/ca-api-gateway-solutions-and-patches.html

API Gateway9.x:
CA_API_PlatformUpdate_64bit_v9.X-CentOS-2018-08-24.L7P 
CA_API_PlatformUpdate_64bit_v9.X-RHEL-2018-08-26.L7P

API Gateway8.x:
CA_API_PlatformUpdate_64bit_v8.1-RHEL-2018-08-26.L7P