search cancel

CVE-2022-3602 / CVE 2022-3786 and DX Unified Infrastructure Manager (UIM/Nimsoft)

book

Article ID: 253222

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM) CA Service Operations Insight (SOI) CA Capacity Manager CA Application Delivery Analysis (NetQoS / ADA) CA Application Delivery Analysis MTP (NetQoS / ADA)

Issue/Introduction

CVE-2022-3602 and related CVE-3786 were published in the National Vulnerability Database on November 1st, 2022.   More information can be found here:

https://nvd.nist.gov/vuln/detail/CVE-2022-3602

https://nvd.nist.gov/vuln/detail/CVE-2022-3786

Is DX UIM/Nimsoft vulnerable?

Resolution

Broadcom engineering has investigated and confirmed that UIM is not vulnerable.

The impacted version(s) of OpenSSL are not used by any version or component of UIM.

Published: November 1 2022, 12:13pm EST

updated: november 1 2022, 3:35pm EST (updated CVE numbers and links)

Additional Information

Affected versions of OpenSSL are: (3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).

 

UIM is not using any 3.x version of OpenSSL.