KB Article #182191

OpenSSL CVE-2022-1292

Problem

Is API Gateway vulnerable to OpenSSL CVE-2022-1292?

https://nvd.nist.gov/vuln/detail/CVE-2022-1292

Resolution

* The fix is available in API Gateway 7.7 May 22 release.

* For older releases, the vulnerability isn't directly exploitable because the script doesn't come with enough rights and is not used by API Gateway. However, scan tools will still detect the vulnerability. Customers who want to be cautious (because of the CVSS score) and are not ready to upgrade can delete the c_rehash file manually.
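
One way to carry out the manual check and removal described above, as an added example that is not part of the original article and not vendor-supplied code. The function name audit_c_rehash and its output labels are hypothetical, and the install directory is an assumption you must supply yourself.

```shell
#!/bin/sh
# Added example (not vendor code). Reports every regular file named c_rehash
# under an install tree and deletes it only when explicitly asked to.
# Usage: audit_c_rehash ROOT [--delete]
# ROOT is an assumption: pass the directory API Gateway is installed in.

audit_c_rehash() {
    root=$1
    action=${2:-report}
    if [ ! -d "$root" ]; then
        echo "ERROR not a directory: $root" >&2
        return 2
    fi
    # -type f skips symlinks and directories; only real script copies are listed.
    find "$root" -type f -name c_rehash -print | while IFS= read -r f; do
        if [ "$action" = "--delete" ]; then
            rm -f -- "$f" && echo "REMOVED $f"
        elif [ -x "$f" ]; then
            # Executable by the user running the audit.
            echo "EXECUTABLE $f"
        else
            echo "NOT-EXECUTABLE $f"
        fi
    done
}

# Stand-alone use: sh audit.sh /path/to/install [--delete]
if [ "$#" -gt 0 ]; then audit_c_rehash "$@"; fi
```

Run it without --delete first to record what is present, then again with --delete, and re-run the vulnerability scan to confirm the finding has cleared.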