Is Identity Manager affected by the following OpenSSL vulnerabilities?
CVE-2023-0216: https://nvd.nist.gov/vuln/detail/CVE-2023-0216
CVE-2023-0217: https://nvd.nist.gov/vuln/detail/CVE-2023-0217
CVE-2023-0401: https://nvd.nist.gov/vuln/detail/CVE-2023-0401
CVE-2023-4203: https://nvd.nist.gov/vuln/detail/CVE-2022-4203
CVE-2023-0286: https://nvd.nist.gov/vuln/detail/CVE-2023-0286
Release : 14.3
The vulnerabilities CVE-2023-0216, CVE-2023-0217, CVE-2023-0401, CVE-2023-4203, CVE-2023-0286 affect OpenSSL version 3.0.0 - 3.0.7.
Identity Manager is using the following OpenSSL version:
- On vApp 14.4, the latest version is openssl-1.1.1k-7.el8
- IMPS component is using OpenSSL 1.0.2n
- CAPKI component is using OpenSSL 1.0.2zb
- ADCertUtil is using OpenSSL 0.9.8.3-9
So there is no component in Identity Manager is using OpenSSL version 3.0.0 - 3.0.7
Identity Manager is not affected by the above OpenSSL vulnerabilities.