All Products: Are Carbon Black products affected by OpenSSL CVE-2022-3602 and CVE-2022-3786?
Are VMware Carbon Black products effected by the OpenSSL CVE's listed below?
To date, no VMware products have been found to be critically impacted by CVE-2022-3602 or CVE-2022-3786. Regardless, VMware products that consume OpenSSL 3.0.x will consume 3.0.7 fixes as a precautionary measure in upcoming releases.
Investigations are ongoing as this is a developing event. If any currently supported VMware products are found to be critically impacted by CVE-2022-3602 and CVE-2022-3786 a VMware Security Advisory (VMSA) will be published documenting the required call to action for impacted product(s).
VMware Carbon Black has four products that can enable our customers to identify vulnerable systems: Vulnerability Management for Workloads, Vulnerability Management for Endpoints, Container Security, and Audit and Remediation. Read more in this post.