![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 57.00000000000001%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,447 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 10%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
@Alejandro Castaño Jimenez Thank you for reaching out to Microsoft Q&A. For CVE-2013-0169 vulnerability, I think fix is to disable CBC ciphers and you can disable some CBC ciphers following docs: Manage protocols and ciphers in Azure API Management.
As mentioned in our public documentation, there are certain ciphers that are considered weak according to modern day industry standards, however, they cannot be disabled in API Management. Your API Management service runs on a computing platform that has several internal components that ensure the security, compliance, and availability of your service. Some of these components have a dependency on these ciphers and that is why these ciphers cannot be disabled in API Management Service currently.
All Azure services, including API Management, are required to comply with several security controls. There are internal processes and tools in place that ensure our services follow these controls and these mitigate the risks associated with having these weak ciphers enabled. You can learn more about Azure Security and Compliance standards here.
We will continue to perform internal reviews of API Management dependencies periodically and identify/implement any opportunities to further enhance the security and reliability of your API Management Service.