Hi Marubun:
This won't be answered in the community because Broadcom does not like to discuss security-related vulnerabilities in a public forum. Broadcom consistently and routinely applies security patches on the gateway platform, so if you have any questions about particular CVEs then you may be able to find them in the CVE text files that accompany releases on the patches site, which is only accessible to those with privileges. Our internal teams recently discussed options which may in the future provide a better and more secure way for partners and customers to search for security patch information.
Regards, Alex.
------------------------------
Solution Architect - Security & Integration
Broadcom Software Division,
Vancouver, B.C. Canada
------------------------------
Original Message:
Sent: Dec 06, 2022 03:01 AM
From: MARUBUN SUPPORT
Subject: About CVE-2022-23990, CVE-2022-43680
Hi,
Please let me ask you a question.
[Environment]
CA API Gateway v10.0 CR3
[Question]
I know that the following vulnerabilities are reported.
CVE numbers: CVE-2022-23990, CVE-2022-43680
https://access.redhat.com/security/cve/cve-2022-23990
https://access.redhat.com/security/cve/cve-2022-43680
I think that API Gateway 10.0 is using expat.
Could you please tell me if the vulnerabilities have an impact on CR3?
If it has an impact on CR3, I would like to know the corresponding version.
Best regards,
Marubun Support