OpenSSL CVE-2022-3602 and CVE-2022-3786 and Dollar Universe

search cancel

OpenSSL CVE-2022-3602 and CVE-2022-3786 and Dollar Universe

book

Article ID: 253361

calendar_today

Updated On:

Products

CA Automic Dollar Universe

Issue/Introduction

CVE-2022-3602 and CVE-2022-3786 was published by OpenSSL on November 1st, 2022.

The vulnerability is caused with the use of OpenSSL versions 3.0 and above.

Is Dollar Universe Application server affected by this vulnerability?

Cause

Only Dollar Universe Application Server 6.10.101 and 7.00.01 are impacted as they use OpenSSL v3.0.5 (lower versions are not impacted).

Broadcom's engineering team has confirmed that Dollar Universe Application Server 6.10.101 and 7.00.01 is impacted by this vulnerability and they are looking into this on priority.

Impacted Component:

Application Server (DUAS)

Not Impacted Component

Reporter
Univewer Console(UVC, WebConsole, WebStart)
UVMS
DU Explorer

Resolution

The Application Server (DUAS) vulnerability is addressed in the version 6.10.102 and 7.0.11, which uses OpenSSL 3.0.7

Please check back on this article regularly for updates.

Feedback

thumb_up Yes

thumb_down No