Impact of OpenSSL 3.x Vulnerabilities CVE-2022-3602 and CVE-2022-3786 on Arctera Capture 

book

Article ID: 100054297

calendar_today

Updated On:

Description

Description

OpenSSL Software Foundation has published multiple vulnerabilities and their mitigation steps as part of their announcement. As part of this article, we are tracking the following vulnerabilities and their impact on Arctera Capture. 

CVE-2022-3602  

      <li 335552541":1,"335559684":-2,"335559685":720,"335559991":360,"469769226":"symbol","469769242":[8226],="" aria-setsize="-1" data-aria-level="1" data-aria-posinset="1" data-font="Symbol" data-leveltext="" data-list-defn-props="{" data-listid="1" role="listitem">

Severity: Critical  

      <li 335552541":1,"335559684":-2,"335559685":720,"335559991":360,"469769226":"symbol","469769242":[8226],="" aria-setsize="-1" data-aria-level="1" data-aria-posinset="1" data-font="Symbol" data-leveltext="" data-list-defn-props="{" data-listid="1" role="listitem">

Base CVSS Score: 9.8 

      <li 335552541":1,"335559684":-2,"335559685":720,"335559991":360,"469769226":"symbol","469769242":[8226],="" aria-setsize="-1" data-aria-level="1" data-aria-posinset="2" data-font="Symbol" data-leveltext="" data-list-defn-props="{" data-listid="1" role="listitem">

Vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 

CVE-2022-3786 

      <li 335552541":1,"335559684":-2,"335559685":720,"335559991":360,"469769226":"symbol","469769242":[8226],="" aria-setsize="-1" data-aria-level="1" data-aria-posinset="3" data-font="Symbol" data-leveltext="" data-list-defn-props="{" data-listid="1" role="listitem">

Severity: High  

      <li 335552541":1,"335559684":-2,"335559685":720,"335559991":360,"469769226":"symbol","469769242":[8226],="" aria-setsize="-1" data-aria-level="1" data-aria-posinset="4" data-font="Symbol" data-leveltext="" data-list-defn-props="{" data-listid="1" role="listitem">

Base CVSS Score: 7.5 

      <li 335552541":1,"335559684":-2,"335559685":720,"335559991":360,"469769226":"symbol","469769242":[8226],="" aria-setsize="-1" data-aria-level="1" data-aria-posinset="1" data-font="Symbol" data-leveltext="" data-list-defn-props="{" data-listid="1" role="listitem">

Vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 

Affected Versions: 

OpenSSL 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6 

Fixed Version: 

OpenSSL 3.0.7 

Impact 

Arctera Capture doesn’t utilize OpenSSL version 3.x and therefore is not impacted by these vulnerabilities. 

Mitigation 

There are no mitigation steps required/recommended for any version of Arctera Capture.  

Questions  

For questions or problems regarding these vulnerabilities please contact Support

Disclaimer 

THE SECURITY ADVISORY IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. ARCTERA SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. 

Issue/Introduction

Impact of OpenSSL 3.x Vulnerabilities CVE-2022-3602 and CVE-2022-3786 on Arctera Capture 

Powered by Wolken Software