Problem

Is SecureTransport vulnerable to CVE-2015-7547?

Resolution

The Axway Secure Transport (ST) product does not include the glibc library in the product distribution and therefore ST has no remediation required. Details are addressed in CVE-2015-7457 on the attack vector and how the getaddrinfo() function is exploitable if the glibc package is not updated. Axway recommends that customers upgrade their glibc packages to a non-vulnerable version.

With the above said, Axway released an update for Axway Appliance OS that upgrades the glibc packages to a non-vulnerable version. Customers are encouraged to contact Axway Global Support for instructions how to upgrade the Appliance OS.