
OpenSSL vulnerabilities CVE-2022-3602 and CVE-2022-3786 in SiteMinder


Article ID: 253745


Products

SITEMINDER

Issue/Introduction

When running SiteMinder, are components such as the Policy Server and CA Access Gateway (SPS) exposed to the following OpenSSL vulnerabilities?

  CVE-2022-3602

    a 4-byte stack-buffer overflow that can be triggered when verifying TLS (X.509) certificates; it occurs in the punycode decoder used while checking name constraints against an attacker-supplied certificate (a TLS client connecting to a malicious server, or a TLS server that requests client authentication)

  CVE-2022-3786

    an arbitrary-length stack-buffer overflow that can be triggered when verifying TLS (X.509) certificates, but does not let the attacker control the overflown data (the overflow consists only of "." characters)

  Both issues exist only in OpenSSL 3.0.0 through 3.0.6 and were fixed in OpenSSL 3.0.7; the 1.1.1 and 1.0.2 branches do not contain the affected code.

Resolution

According to the Symantec/Broadcom security advisory for these CVEs (1), Symantec SiteMinder is listed among the products that are not vulnerable, so the Policy Server and CA Access Gateway (SPS) do not need a SiteMinder-specific fix for CVE-2022-3602 or CVE-2022-3786.
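Because both CVEs are purely a function of the OpenSSL version linked into a process, the practical check on a host is to locate the OpenSSL libraries shipped with the SiteMinder components and read the OPENSSL_VERSION_TEXT string (e.g. "OpenSSL 3.0.5 5 Jul 2022") that libcrypto embeds. The script below is an added example, not Broadcom or SiteMinder code: it assumes the components ship OpenSSL as ordinary libcrypto/libssl shared libraries or DLLs under an install root that you pass on the command line, and it classifies each library against the affected range 3.0.0 to 3.0.6. The demo() function builds a constructed directory tree with fake library files so the logic can be exercised offline.

```python
"""Scan an install tree for bundled OpenSSL libraries and report whether each
one is in the version range affected by CVE-2022-3602 / CVE-2022-3786.

Added example, not Broadcom/SiteMinder code. The install root is an
assumption: point it at the Policy Server / Access Gateway directories.
"""
import re
import sys
import tempfile
from pathlib import Path

# Per the OpenSSL advisory of 1 Nov 2022: 3.0.0 through 3.0.6 are affected,
# fixed in 3.0.7. The 1.1.1 and 1.0.2 branches never had the punycode decoder.
AFFECTED_MIN = (3, 0, 0)
FIXED_IN = (3, 0, 7)

# OPENSSL_VERSION_TEXT as compiled into libcrypto, e.g. b"OpenSSL 3.0.5 5 Jul 2022"
# or b"OpenSSL 1.1.1q  5 Jul 2022" (letter suffix only on the 1.x branches).
VERSION_RE = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+)[a-z]*")

# File-name prefixes of OpenSSL libraries on Linux (.so) and Windows (.dll),
# including the legacy libeay32/ssleay32 names (assumed layout, not SiteMinder-specific).
LIB_PREFIXES = ("libcrypto", "libssl", "libeay32", "ssleay32")


def parse_version(data: bytes):
    """Return (major, minor, patch) from the first OpenSSL version text in data, or None."""
    m = VERSION_RE.search(data)
    return tuple(int(g) for g in m.groups()) if m else None


def is_affected(version) -> bool:
    """True iff version is in the half-open range [3.0.0, 3.0.7)."""
    return AFFECTED_MIN <= tuple(version) < FIXED_IN


def classify(data: bytes) -> str:
    """Classify a library's bytes as 'affected', 'not affected' or 'unknown'."""
    v = parse_version(data)
    if v is None:
        return "unknown"  # no version text found: inspect manually
    return "affected" if is_affected(v) else "not affected"


def scan_tree(root) -> dict:
    """Map each OpenSSL library path under root to its classification."""
    results = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and p.name.lower().startswith(LIB_PREFIXES):
            results[str(p)] = classify(p.read_bytes())
    return results


def demo() -> dict:
    """Scan a constructed install tree containing fake libraries (sample data, not real binaries)."""
    samples = {
        "bin/libcrypto.so.3": b"\x7fELF...OpenSSL 3.0.5 5 Jul 2022\x00",
        "bin/libcrypto-3-x64.dll": b"MZ...OpenSSL 3.0.7 1 Nov 2022\x00",
        "lib/libcrypto.so.1.1": b"\x7fELF...OpenSSL 1.1.1q  5 Jul 2022\x00",
        "bin/libcrypto.so.3.1": b"\x7fELF...OpenSSL 3.1.0 14 Mar 2023\x00",
        "bin/libssl.so.3": b"\x7fELF...no version text in this sample\x00",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, content in samples.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(content)
        found = scan_tree(tmp)
        # Report paths relative to the temporary root so results are stable.
        return {Path(k).relative_to(tmp).as_posix(): v for k, v in found.items()}


if __name__ == "__main__":
    # Usage: python check_openssl.py /opt/CA/siteminder   (path is an assumption)
    report = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for path, status in sorted(report.items()):
        print(f"{status:13} {path}")
```

A result of "unknown" means no OpenSSL version text was found in that file, which happens for stripped or statically linked builds; in that case run classify() over the executable that performs TLS (the version text is embedded wherever libcrypto was linked), or ask the vendor. The check is deliberately conservative: any 3.0.x library below 3.0.7 is flagged even if the product never verifies attacker-controlled certificates.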

 

Additional Information


(1)

    Symantec Security Advisory for OpenSSL CVE-2022-3786 | CVE-2022-3602

      [...omitted for brevity...]

      The following products are not vulnerable:

    [...omitted for brevity...]

      Symantec SiteMinder