Hello Venkat,
As long as I checked the CVE-2017-3599 on the following Oracle web page, API Gateway 9.3 and 9.4 are NOT affected by the vulnerability.
https://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
CVE-2017-3599 | MySQL Server | Server: Pluggable Auth | MySQL Protocol | Yes | 7.5 | Network | Low | None | None | Un- changed | None | None | High | 5.6.35 and earlier, 5.7.17 and earlier | |
[API Gateway 9.3]
# rpm -q mysql-commercial-server
mysql-commercial-server-5.7.20-1.1.el6.x86_64
[API Gateway 9.4]
# rpm -q mysql-commercial-server
mysql-commercial-server-5.7.23-1.1.el6.x86_64
Both versions are newer than the affected versions.
Best regards,
Seiji