OpenSSL Project announced the following Security Advisory on Feb 7.
Does it affect PIM or PAMSC?
CVE-2023-0286, CVE-2022-4304, CVE-2023-0215 : for OpenSSL 3.0, 1.1.1, 1.0.2
CVE-2022-4203, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401 : for OpenSSL 3.0.0 - 3.0.7
CVE-2022-4450 : for OpenSSL 3.0, 1.1.1
Release : All
CA Privileged Identity Manager 12.9.x or before is using OpenSSL 1.0.1x.
So, it does not affect this vulnerability.
CA Privileged Identity Manager 14.0 and Privileged Access Manager Server Control 14.0/14.1 is using OpenSSL 1.0.2x.
But, OpenSSL is using a part of our function. Then it does not use the implementation at this vulnerability.
All versions which are included Server Component and Endpoint, are not affected by this vulnerability.