Is Portal MySql vulnerable to these OpenSSL vulnerabilities?
search cancel

Is Portal MySql vulnerable to these OpenSSL vulnerabilities?

book

Article ID: 278325

calendar_today

Updated On:

Products

DX NetOps CA Performance Management - Usage and Administration

Issue/Introduction

Is the DX NetOps Portal MySql version vulnerable to these vulnerabilities?

Is Portal impacted by these CVE's triggered by internal security scans?

Plug In ID: 184811

PlugIn Name: OpenSSL 1.1.1 < 1.1.1x Vulnerability
PlugIn Text: "Plugin Output:

  Path             : /opt/CAPM/MySql/lib/private/libssl.so.1.1
  Reported version : 1.1.1t
  Fixed version    : 1.1.1x

  Path             : /opt/CAPM/MySql/lib/private/libcrypto.so.1.1
  Reported version : 1.1.1t
  Fixed version    : 1.1.1x"

Plug In ID: 178475

Plugin Name: OpenSSL 1.1.1 < 1.1.1v Vulnerability
PlugIn Text:  "Plugin Output: 

  Path             : /opt/CAPM/MySql/lib/private/libssl.so.1.1
  Reported version : 1.1.1t
  Fixed version    : 1.1.1v

  Path             : /opt/CAPM/MySql/lib/private/libcrypto.so.1.1
  Reported version : 1.1.1t
  Fixed version    : 1.1.1v"

Plug In ID: 173260

PlugIn Name: OpenSSL 1.1.1 < 1.1.1u Multiple Vulnerabilities
PlugIn Text: "Plugin Output: 

  Path             : /opt/CAPM/MySql/lib/private/libssl.so.1.1
  Reported version : 1.1.1t
  Fixed version    : 1.1.1u

  Path             : /opt/CAPM/MySql/lib/private/libcrypto.so.1.1
  Reported version : 1.1.1t
  Fixed version    : 1.1.1u

Environment

All supported DX NetOps Portal releases 23.3.2 and earlier

Cause

Plug In ID: 184811 is referring to CVE-2023-5678

Plug In ID: 178475 is referring to CVE-2023-3446

Plug In ID: 173260 is referring to CVE-2023-0464

Resolution

Upgrade to NetOps releases 23.3.3 or newer.

  • Portal 23.3.2 and earlier releases use MySql versions that utilize OpenSSL 1.1. They are vulnerable.
  • Portal 23.3.3 through 23.3.5 moves to MySql 8.0.34 where it switches to OpenSSL 3.0 libraries. They are not vulnerable.