Environment
- CB Response Server: 6.x and Below
- Swagger UI: 3.23.10 and Below
Question
Is CB Response susceptible to the Swagger UI exploit in CVE-2019-17495?
Answer
CB Response Server does not utilize the Swagger UI option by default.
Additional Notes
- The Swagger UI function is hidden and turned off by default.
- CB Response 7.0 Server Release will include a newer version of Swagger UI with the applied security update.
Related Content