search cancel

CVE-2022-3602 & CVE-2022-3786 - Configuration Automation

book

Article ID: 253243

calendar_today

Updated On:

Products

CA Configuration Automation

Issue/Introduction

CVE-2022-3602 & CVE-2022-3786 was published in the National Vulnerability Database on November 1st, 2022.   More information can be found here

CVE: CVE-2022-3602 - High
Base CVSS 3.1 Score: 8.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CVE: CVE-2022-3786 - High
Base CVSS 3.1 Score: 7.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C

The vulnerability is caused with the use of OpenSSL versions 3.0 and above.

Is the CA Configuration Automation (CCA) product vulnerable?

Environment

CA Configuration Automation

All Supported Operating Systems

Resolution

CA Configuration Automation does NOT use a vulnerable version of OpenSSL and therefore is NOT impacted by this vulnerability.