Is the DLP product vulnerable to CVE-2022-0778

Article ID: 238389


Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

Symantec Enterprise Support has received concerns about the vulnerability CVE-2022-0778 present in OpenSSL, as the DLP product installation includes a libssl-3-x64.dll. The vulnerability was published in March 2022.

Environment

DLP 15.8, 16.0

Resolution

The CVE-2022-0778 vulnerability has been analysed and it was confirmed that DLP is not affected by this vulnerability. 

DLP does not use OpenSSL in server mode (that is, on the receiving end) in the endpoint agent or any detection server. DLP uses OpenSSL only in client mode on all endpoints and servers.

The CVE-2022-0778 vulnerability is triggered when parsing elliptic-curve certificates, which DLP agents cannot use: agents only use the RSA certificate issued by the DLP root CA, and there is no way for a customer to change this RSA certificate.

You should not attempt to remove or replace newer versions of any 3rd party libraries in DLP, as this is unsupported and will result in breaking the product.

As with other non-impacting vulnerabilities, the expectation is that your organisation adds an exception to its vulnerability scanner for the DLP product, as is common for other products that publish non-applicability to a CVE.