- Description
- CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 2.5
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:N
- Hype score
- Not currently trending
- Comment
- <a href="https://cwe.mitre.org/data/definitions/93.html">CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')</a>
- Impact
- -
- Solution
- -
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:api_gateway:7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7D1A83AF-E209-4242-82A9-334D7A5859AC"
},
{
"criteria": "cpe:2.3:a:broadcom:api_gateway:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "85A4F8B6-6299-4E98-B643-4BFBAC81C2C1"
},
{
"criteria": "cpe:2.3:a:broadcom:api_gateway:8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "05AA0421-CB13-403C-BF9F-F423F47761C4"
},
{
"criteria": "cpe:2.3:a:broadcom:api_gateway:8.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "371FD974-2C83-4639-B517-4C1F47AD5F57"
},
{
"criteria": "cpe:2.3:a:broadcom:api_gateway:8.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82E2C040-0EDF-48DE-997D-1E069AA82002"
},
{
"criteria": "cpe:2.3:a:broadcom:api_gateway:8.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2559E997-8C81-4CF8-A0A1-36D40E775BD8"
}
],
"operator": "OR"
}
]
}
]