All Products: Are Carbon Black products affected by OpenSSL CVE-2022-3602 and CVE-2022-3786?

Article ID: 286898

Products

  • Carbon Black App Control (formerly Cb Protection)
  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
  • Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Are VMware Carbon Black products affected by the OpenSSL CVEs listed below?

  • CVE-2022-3602
  • CVE-2022-3786

Environment

  • All Products

Resolution

To date, no VMware products have been found to be critically impacted by CVE-2022-3602 or CVE-2022-3786. Regardless, VMware products that consume OpenSSL 3.0.x will consume 3.0.7 fixes as a precautionary measure in upcoming releases.

Please see the full response linked below for detailed and updated information:
VMware Response to CVE-2022-3602 and CVE-2022-3786: vulnerabilities in OpenSSL 3.0.x

Additional Information

Investigations are ongoing as this is a developing event. If any currently supported VMware products are found to be critically impacted by CVE-2022-3602 and CVE-2022-3786, a VMware Security Advisory (VMSA) will be published documenting the required call to action for the impacted product(s).

VMware Carbon Black has four products that can enable our customers to identify vulnerable systems: Vulnerability Management for Workloads, Vulnerability Management for Endpoints, Container Security, and Audit and Remediation. Read more in this post.