Layer7 API Management

  • 1.  About CVE-2022-23990, CVE-2022-43680

    Posted Dec 06, 2022 03:02 AM
    Hi,

    Please let me ask you a question.

    [Environment]
    CA API Gateway v10.0 CR3

    [Question]
    I know that the following vulnerabilities are reported.
    CVE numbers: CVE-2022-23990, CVE-2022-43680
    https://access.redhat.com/security/cve/cve-2022-23990
    https://access.redhat.com/security/cve/cve-2022-43680

    I think that API Gateway 10.0 is using expat.
    Could you please tell me if the vulnerabilities have an impact on CR3?
    If it has an impact on CR3, I would like to know the corresponding version.

    Best regards,
    Marubun Support


  • 2.  RE: About CVE-2022-23990, CVE-2022-43680

    Broadcom Employee
    Posted Dec 15, 2022 07:59 PM
    Hi Marubun:

    This won't be answered in the community because Broadcom does not like to discuss security-related vulnerabilities in a public forum. Broadcom consistently and routinely applies security patches on the gateway platform, so if you have any questions about particular CVEs then you may be able to find the answers in the CVE text files that accompany releases on the patches site, which is only accessible to those with privileges. Our internal teams recently discussed options which may in the future provide a better and more secure way for partners and customers to search for security patch information.

    Regards, Alex.


    ------------------------------
    Solution Architect - Security & Integration
    Broadcom Software Division,
    Vancouver, B.C. Canada
    ------------------------------