CVE-2022-3602 & CVE-2022-3786 were published in the National Vulnerability Database on November 1st, 2022.   More information can be found here (https://nvd.nist.gov/vuln/detail/CVE-2022-3602 and https://nvd.nist.gov/vuln/detail/CVE-2022-3786).

The vulnerability is caused with the use of OpenSSL versions 3.0 and above.

Is CA Harvest Change Manager vulnerable?

CA Harvest Software Change Manager v14.x

An E-Fix for Harvest 14.0.2 Cumulative patch(with the upgraded OpenSSL version 3.0.7) is available to address the reported vulnerability.
This is available for all supported platforms on Windows and Non windows.

Please reach out to the support team for the E-Fixes.