search cancel

OpenSSL CVE-2022-3602 and CVE-2022-3786 and Dollar Universe

book

Article ID: 253361

calendar_today

Updated On:

Products

CA Automic Dollar Universe

Issue/Introduction

CVE-2022-3602 and CVE-2022-3786 was published by OpenSSL on November 1st, 2022.  

The vulnerability is caused with the use of OpenSSL versions 3.0 and above.

Is Dollar Universe Application server affected by this vulnerability?

Resolution

Only Dollar Universe Application Server 6.10.101 and 7.00.01 are impacted as they use OpenSSL v3.0.5 (lower versions are not impacted).

Broadcom's engineering team has confirmed that Dollar Universe Application Server 6.10.101 and 7.00.01 is impacted by this vulnerability and they are looking into this on priority.  Please check back on this article regularly for updates.

Please note that Reporter, Univewer Console(UVC, WebConsole, WebStart), UVMS and DU Explorer are not impacted by this vulnerability.