search cancel

CVE-2022-3602 & CVE-2022-3786 - Mobile Device Management

book

Article ID: 253241

calendar_today

Updated On:

Products

CA Mobile Device Management

Issue/Introduction

CVE-2022-3602 & CVE-2022-3786 was published in the National Vulnerability Database on November 1st, 2022.   More information can be found here

CVE: CVE-2022-3602 - High
Base CVSS 3.1 Score: 8.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CVE: CVE-2022-3786 - High
Base CVSS 3.1 Score: 7.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C

The vulnerability is caused with the use of OpenSSL versions 3.0 and above.

Is the CA Mobile Device Management (MDM) product vulnerable?

Environment

CA Mobile Device Management

All Supported Operating Systems

Resolution

CA Mobile Device Management does NOT use a vulnerable version of OpenSSL and therefore is NOT impacted by this vulnerability.