search cancel

CVE-2022-3602 & CVE-2022-3786 - CA Client Automation

book

Article ID: 253239

calendar_today

Updated On:

Products

CA Client Automation CA Client Automation - Asset Intelligence CA Client Automation - Asset Management CA Client Automation - Desktop Migration Manager CA Client Automation - IT Client Manager CA Client Automation - Patch Manager CA Client Automation - Remote Control CA Client Automation - Software Delivery

Issue/Introduction

CVE-2022-3602 & CVE-2022-3786 was published in the National Vulnerability Database on November 1st, 2022.   More information can be found here

CVE: CVE-2022-3602 - High
Base CVSS 3.1 Score: 8.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CVE: CVE-2022-3786 - High
Base CVSS 3.1 Score: 7.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C

The vulnerability is caused with the use of OpenSSL versions 3.0 and above.

Is the CA Client Automation solution vulnerable?

Environment

CA Client Automation

All Supported Operating Systems

Resolution

CA Client Automation does NOT use a vulnerable version of OpenSSL and therefore is NOT impacted by this vulnerability.