Is Identity Manager product affected by OpenSSL vulnerabilities CVE-2023-0216, CVE-2023-0217, CVE-2023-0401, CVE-2023-4203, CVE-2023-0286?

Article ID: 260733


Products

CA Identity Suite

Issue/Introduction

Is Identity Manager affected by the following OpenSSL vulnerabilities?

CVE-2023-0216: https://nvd.nist.gov/vuln/detail/CVE-2023-0216

CVE-2023-0217: https://nvd.nist.gov/vuln/detail/CVE-2023-0217

CVE-2023-0401: https://nvd.nist.gov/vuln/detail/CVE-2023-0401

CVE-2023-4203: https://nvd.nist.gov/vuln/detail/CVE-2022-4203

CVE-2023-0286: https://nvd.nist.gov/vuln/detail/CVE-2023-0286

Environment

Release : 14.3

Resolution

The vulnerabilities CVE-2023-0216, CVE-2023-0217, CVE-2023-0401, CVE-2023-4203, and CVE-2023-0286 affect OpenSSL versions 3.0.0 through 3.0.7.

Identity Manager uses the following OpenSSL versions:
    - On vApp 14.4, the latest version is openssl-1.1.1k-7.el8
    - IMPS component is using OpenSSL 1.0.2n
    - CAPKI component is using OpenSSL 1.0.2zb
    - ADCertUtil is using OpenSSL 0.9.8.3-9

No component in Identity Manager uses OpenSSL versions 3.0.0 through 3.0.7, so Identity Manager is not affected by the above OpenSSL vulnerabilities.