search cancel

CVE-2022-3602 & CVE-2022-3786 - CA Harvest Software Change Manager

book

Article ID: 253319

calendar_today

Updated On:

Products

CA Harvest Software Change Manager CA Harvest Software Change Manager - OpenMake Meister

Issue/Introduction

CVE-2022-3602 & CVE-2022-3786 were published in the National Vulnerability Database on November 1st, 2022.   More information can be found here (https://nvd.nist.gov/vuln/detail/CVE-2022-3602 and https://nvd.nist.gov/vuln/detail/CVE-2022-3786).

The vulnerability is caused with the use of OpenSSL versions 3.0 and above.

Is CA Harvest Change Manager vulnerable?

Environment

CA Harvest Software Change Manager v14.x

Resolution

An E-Fix for Harvest 14.0.2 Cumulative patch(with the upgraded OpenSSL version 3.0.7) is available to address the reported vulnerability.
This is available for all supported platforms on Windows and Non windows.

Please reach out to the support team for the E-Fixes.  For any further questions , please reach out to the Engineering team 

[email protected]  - Product Owner

[email protected] - Engineering Team