search cancel

CVE-2022-3602 & CVE-2022-3786 - JasperSoft 7.9

book

Article ID: 253958

calendar_today

Updated On:

Products

CA Service Management - Service Desk Manager CA Service Desk Manager

Issue/Introduction

CVE-2022-3602 & CVE-2022-3786 were published in the National Vulnerability Database on November 1st, 2022.   

CVE-2022-3602 - High
Base CVSS 3.1 Score: 8.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CVE-2022-3786 - High
Base CVSS 3.1 Score: 7.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C

The vulnerability is caused with the use of OpenSSL versions 3.0 and above.

Is JasperSoft 7.9 vulnerable?

Environment

JasperSoft 7.9

All Supported Windows Operating Systems

Resolution

TIBCO has advised that JasperSoft 7.9 and JasperStudio are NOT impacted by this vulnerability.

TIBCO has established this public notice for the OpenSSL V3 vulnerability and its impact on TIBCO products:

https://www.tibco.com/support/notices/2022/11/openssl-vulnerability

This site is updated regularly.