CVE-2016-2183 (Sweet32) SSL vulnerability - Spectrum 10.3.0


Article ID: 129615


Products

CA Spectrum

Issue/Introduction

The CVE-2016-2183 (Sweet32) SSL vulnerability was reported by some customers using CA Spectrum 10.3.0. 

Cause

This vulnerability was reported because of the version of OpenSSL (1.0.1l) embedded in CA Spectrum 10.3.0.

Environment

CA Spectrum 10.3.0

Resolution

Customers should upgrade to CA Spectrum 10.3.1, which embeds a newer version of OpenSSL (1.0.2p) that contains the fix for this vulnerability.

The Spectrum 10.3.1 documentation refers to CAPKI 5.2.
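
To confirm after the upgrade that a cipher list no longer contains the 64-bit block cipher suites that Sweet32 targets, the output of `openssl ciphers -v` can be filtered as in the added example below. It is not CA's code; the function name `sweet32_suites` is hypothetical and the sample lines are constructed.

```python
import re

# 64-bit block ciphers as they appear in the Enc= column of `openssl ciphers -v`.
# CVE-2016-2183 is filed against DES/3DES; IDEA and RC2 also use 64-bit blocks
# and are exposed to the same birthday-bound collision problem.
BLOCK64 = {"3DES", "DES", "IDEA", "RC2"}

# Matches e.g. "Enc=3DES(168)". "Enc=None" and AEAD names containing "/" do not match.
ENC_RE = re.compile(r"\bEnc=([A-Za-z0-9]+)\((\d+)\)")


def sweet32_suites(ciphers_v_output):
    """Return [(suite_name, enc_algorithm)] for suites using a 64-bit block cipher."""
    flagged = []
    for line in ciphers_v_output.splitlines():
        fields = line.split()
        match = ENC_RE.search(line)
        if not fields or not match:
            continue  # blank line, header, or a suite without a sized Enc= entry
        if match.group(1).upper() in BLOCK64:
            flagged.append((fields[0], match.group(1)))
    return flagged


# Constructed sample in the format printed by `openssl ciphers -v`.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-DES-CBC3-SHA  SSLv3 Kx=ECDH     Au=RSA  Enc=3DES(168) Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
IDEA-CBC-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
"""

if __name__ == "__main__":
    hits = sweet32_suites(SAMPLE)
    for name, enc in hits:
        print(f"64-bit block cipher suite still listed: {name} ({enc})")
    if not hits:
        print("No 64-bit block cipher suites in the list.")
```

The list shows what the library would enable for a given cipher string, not what a running service negotiates, so the result should be read alongside the service's own TLS configuration.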

Additional Information

https://docops.ca.com/ca-spectrum/10-3-1/en/third-party-software-license-acknowledgements

https://www.openssl.org/news/secadv/20160922.txt