
All Products: Are Carbon Black products affected by OpenSSL CVE-2022-3602 and CVE-2022-3786?


Environment

  • All Products

Question

Are VMware Carbon Black products affected by the OpenSSL CVEs listed below?

  • CVE-2022-3602
  • CVE-2022-3786

Answer

To date, no VMware products have been found to be critically impacted by CVE-2022-3602 or CVE-2022-3786. Regardless, VMware products that consume OpenSSL 3.0.x will consume 3.0.7 fixes as a precautionary measure in upcoming releases.

Please see the full response linked below for detailed and updated information:
VMware Response to CVE-2022-3602 and CVE-2022-3786: vulnerabilities in OpenSSL 3.0.x


Additional Notes

Investigations are ongoing as this is a developing event. If any currently supported VMware products are found to be critically impacted by CVE-2022-3602 and CVE-2022-3786, a VMware Security Advisory (VMSA) will be published documenting the required call to action for the impacted product(s).

VMware Carbon Black has four products that can enable our customers to identify vulnerable systems: Vulnerability Management for Workloads, Vulnerability Management for Endpoints, Container Security, and Audit and Remediation. Read more in this post.

Article Information
Creation Date: 11-04-2022