Layer7 API Management

  • Private Community
 View Only

  • 1.  About CVE-2022-40303、CVE-2022-40304、CVE-2022-23308

    Posted Dec 06, 2022 03:15 AM
    HI,

    Please let me ask you a question.

    [Environment]
    CA API Gateway v10.0 CR1 and CR3

    [Question]
    I know that the following vulumerabilities are reported.
    CVE number:CVE-2022-40303、CVE-2022-40304、CVE-2022-23308
    https://access.redhat.com/security/cve/cve-2022-40303
    https://access.redhat.com/security/cve/cve-2022-40304
    https://access.redhat.com/security/cve/cve-2022-23308

    CR1 and CR3 are using libxml2.
    Correct or not?
    If it is correct,
    Could you please tell me if the vulumerabilities have an impact on CR1 and CR3?
    If it has an impact on CR1 and CR3, I would like to know the corresponding version.

    Best regards,
    Marubun Support


  • 2.  RE: About CVE-2022-40303、CVE-2022-40304、CVE-2022-23308

    Broadcom Employee
    Posted Dec 06, 2022 11:18 AM
    Hello,

    Questions regarding CVE's are  addressed via  a ticket with Broadcom support.
    Original Message


  • 3.  RE: About CVE-2022-40303、CVE-2022-40304、CVE-2022-23308

    Posted Dec 06, 2022 06:43 PM
    HI,

    Thank you for your update.
    I will ask the question with Broadcom support.

    Best regards,
    Hirokazu.M,
    Original Message