search cancel

CVE-2022-3602 and CVE-2022-3786 for CA Automic Applications Manager and RA_BANNER Agent

book

Article ID: 253363

calendar_today

Updated On:

Products

CA Automic Applications Manager (AM)

Issue/Introduction

CVE-2022-3602 and CVE-2022-3786 was published by OpenSSL on November 1st, 2022.  

The vulnerability is caused with the use of OpenSSL versions 3.0 and above.

Is CA Automic Applications Manager affected by this?

 

Environment

CA Automic Applications Manager 9.3x, 9.4x

RA_BANNER Agent

Cause

The vulnerability is caused with the use of OpenSSL versions 3.0 and above.

Resolution

November 2, 2022

We have identified that none of the Apache Tomcat installer files we ship in 9.3.x and 9.4.x have been compiled with the affected versions of OpenSSL i.e. (3.0.x). These are instead compiled with OpenSSL v1.1.1x.
 
Hence, Applications Manager is NOT vulnerable.
 
RA Banner doesn't use OpenSSL and hence is NOT vulnerable.