ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

CVE-2022-0778 impact on UIM 20.3 and 20.4

book

Article ID: 240161

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

Does UIM 20.3 and 20.4 are impacted by CVE-2022-0778 open ssl ?

.

Environment

Release : 20.3 and 20.4

Component : UNIFIED INFRASTRUCTURE MGMT

Resolution

UIM 20.3 is  affected by the CVE-2022-0778 as It is using OpenSSL 1.0.2p. UIM 20.4 using OpenSSL1.1.1k but CVE-2022-0778 was addressed in the releases of 1.1.1n on 15th March 2022.

We are planning to upgrade OpenSSL to OpenSSL 1.1.1n as early as possible.