Are VMware Carbon Black products effected by the OpenSSL CVE's listed below?
To date, no VMware products have been found to be critically impacted by CVE-2022-3602 or CVE-2022-3786. Regardless, VMware products that consume OpenSSL 3.0.x will consume 3.0.7 fixes as a precautionary measure in upcoming releases.
Please see the full response linked below for detailed and updated information:
VMware Response to CVE-2022-3602 and CVE-2022-3786: vulnerabilities in OpenSSL 3.0.x