OpenSSL vulnerabilities CVE-2022-3602 and CVE-2022-3786 in SiteMinder

Article ID: 253745


Updated On:

Products

SITEMINDER

Issue/Introduction

This article addresses whether the following OpenSSL CVEs impact any SiteMinder components, since SiteMinder bundles OpenSSL with the Policy Server, Access Gateway and the Agent for SharePoint.

CVE-2022-3786: X.509 Email Address Variable Length Buffer Overflow

CVE-2022-3602: X.509 Email Address 4-byte Buffer Overflow

  • Versions impacted: OpenSSL 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6

 

Environment

PRODUCT: Symantec SiteMinder

COMPONENT: Access Gateway Server

VERSION: r12.8.7; r12.8.8; r12.8.8.1; r12.9

OS: ANY

Cause

CVE-2022-3786: X.509 Email Address Variable Length Buffer Overflow

CVE-2022-3602: X.509 Email Address 4-byte Buffer Overflow

  • Versions impacted: OpenSSL 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6

Resolution

No SiteMinder components are impacted by these CVEs, because none of the bundled OpenSSL versions falls in the impacted 3.0.0 to 3.0.6 range.

SiteMinder Access Gateway r12.8.8.1 and older ships with OpenSSL 1.0.2.

SiteMinder Access Gateway r12.9 ships with OpenSSL 3.4.0.
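
To confirm which OpenSSL build an installation actually carries, the banner printed by `openssl version` can be compared with the impacted range listed above. The script below is an added example, not part of the original article or of the product; the function names are hypothetical, and the paths to the bundled `openssl` binaries are not given in this article and must be supplied by the operator as arguments.

```shell
#!/bin/sh
# Classify an OpenSSL version banner against the range this article lists
# as impacted by CVE-2022-3602 / CVE-2022-3786 (3.0.0 through 3.0.6).
# Prints one of: affected, not-affected, unknown.
classify_openssl_banner() {
    # `openssl version` prints: "OpenSSL <version> <build date>"
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2; exit }')
    case "$ver" in
        3.0.[0-6])
            echo affected ;;        # exactly 3.0.0 .. 3.0.6
        3.0.[0-6][!0-9]*)
            # Assumption: a 3.0.0-3.0.6 build with a vendor or pre-release
            # suffix is treated conservatively as affected.
            echo affected ;;
        '')
            echo unknown ;;         # empty output or not an OpenSSL banner
        [0-9]*.[0-9]*)
            echo not-affected ;;    # e.g. 1.0.2u, 3.0.7, 3.0.10, 3.4.0
        *)
            echo unknown ;;
    esac
}

# Run each binary given on the command line and report its classification.
check_binaries() {
    for bin in "$@"; do
        banner=$("$bin" version 2>/dev/null) || banner=""
        printf '%s\t%s\t%s\n' "$bin" \
            "$(classify_openssl_banner "$banner")" "$banner"
    done
}

# Example invocation (path is a placeholder, not taken from the article):
#   sh check_openssl.sh /path/to/bundled/openssl
if [ "$#" -gt 0 ]; then
    check_binaries "$@"
fi
```

A result of `unknown` means the binary did not run or did not identify itself as OpenSSL, and should be checked by hand rather than read as a pass.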

 

Additional Information