Are Carbon Black products affected by OpenSSL CVE-2022-3602 and CVE-2022-3786?
search cancel

Are Carbon Black products affected by OpenSSL CVE-2022-3602 and CVE-2022-3786?

book

Article ID: 286898

calendar_today

Updated On: 03-12-2025

Products

Carbon Black App Control (formerly Cb Protection) Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter) Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Are VMware Carbon Black products effected by the OpenSSL CVE's listed below?

  • CVE-2022-3602
  • CVE-2022-3786

Environment

  • All Products

Resolution

To date, no VMware products have been found to be critically impacted by CVE-2022-3602 or CVE-2022-3786. Regardless, VMware products that consume OpenSSL 3.0.x will consume 3.0.7 fixes as a precautionary measure in upcoming releases.

Please see the full response linked below for detailed and updated information:
VMware Response to CVE-2022-3602 and CVE-2022-3786: vulnerabilities in OpenSSL 3.0.x