CVE-2022-3602 & CVE-2022-3786 - Service Management
Article ID: 253220
Updated On:
Products
CA Service Desk Manager
CA Service Catalog
CA IT Asset Manager
CA Service Management - Asset Portfolio Management
CA Service Management - Service Desk Manager
Issue/Introduction
CVE-2022-3602 & CVE-2022-3786 were published in the National Vulnerability Database on November 1st, 2022.
CVE: CVE-2022-3602 - High
Base CVSS 3.1 Score: 8.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE: CVE-2022-3786 - High
Base CVSS 3.1 Score: 7.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C
The vulnerability is caused with the use of OpenSSL versions 3.0 and above.
Are the Service Management products vulnerable?
Environment
CA Service Management
All Supported Operating Systems
Resolution
The Service Management products below are NOT using a vulnerable version of OpenSSL and therefore are NOT impacted by this vulnerability.
List of Service Management products NOT affected by this vulnerability:
- CA Service Desk Manager (SDM - including xFlow and ServicePoint)
- CA Service Catalog
- IT Asset Manager (ITAM)
- CA Business Service Insight (BSI)
- Process Automation (ITPAM)
- Embedded Entitlement Manager (EEM)
Feedback
Yes
No
Powered by
