search cancel

CVE-2022-3602 & CVE-2022-3786 - Service Management

book

Article ID: 253220

calendar_today

Updated On:

Products

CA Service Desk Manager CA Service Catalog CA IT Asset Manager CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager

Issue/Introduction

CVE-2022-3602 & CVE-2022-3786 were published in the National Vulnerability Database on November 1st, 2022.   

CVE: CVE-2022-3602 - High
Base CVSS 3.1 Score: 8.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CVE: CVE-2022-3786 - High
Base CVSS 3.1 Score: 7.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C

The vulnerability is caused with the use of OpenSSL versions 3.0 and above.

Are the Service Management products vulnerable?

Environment

CA Service Management

All Supported Operating Systems

Resolution

The Service Management products below are NOT using a vulnerable version of OpenSSL and therefore are NOT impacted by this vulnerability.

List of Service Management products NOT affected by this vulnerability:

  • CA Service Desk Manager (SDM - including xFlow and ServicePoint)
  • CA Service Catalog
  • IT Asset Manager (ITAM)
  • CA Business Service Insight (BSI)
  • Process Automation (ITPAM)
  • Embedded Entitlement Manager (EEM)