CVE-2022-3602 and CVE-2022-3786 was published by OpenSSL on November 1st, 2022.
The vulnerability is caused with the use of OpenSSL versions 3.0 and above.
Is Dollar Universe Application server affected by this vulnerability?
Only Dollar Universe Application Server 6.10.101 and 7.00.01 are impacted as they use OpenSSL v3.0.5 (lower versions are not impacted).
Broadcom's engineering team has confirmed that Dollar Universe Application Server 6.10.101 and 7.00.01 is impacted by this vulnerability and they are looking into this on priority.
Impacted Component:
Not Impacted Component
The Application Server (DUAS) vulnerability is addressed in the version 6.10.102 and 7.0.11, which uses OpenSSL 3.0.7
Please check back on this article regularly for updates.