search cancel

CloudSOC CVE-2022-37454 Response


Article ID: 253438


Updated On:


CASB Security Advanced CASB Security Premium CASB Security Standard


The customer wants to know if CASB services are affected by CVE-2022-37454 (


Comments from the SED Engineering team:

CVE-2022-37454 should not impact any of our products for two reasons: (a) the issue exists in the "reference-implementation" of SHA-3, called "Keccak XKCP." It is highly unlikely for a reference implementation to be used in practice (OpenSSL, for example, does not use it), and (b) SHA-3 is not as widely adopted even though it has been around for a while since SHA-2 is adequate for all practical purposes. Therefore, the vulnerability should not impact the CloudSOC CASB for the above reasons. The respective security leads will continue to analyze and monitor.