Delphix Products

 View Only

Delphix Response to OpenSSL Vulnerability Advisory

By Chris Price posted 11-01-2022 07:40:59 PM

  

We are aware of the recently published vulnerabilities in OpenSSL v3.0.0 - 3.0.6 (CVE-2022-3602 & CVE-2022-3786). OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.  These vulnerabilities are only realized in certain circumstances where an attacker can control the content of a certificate presented to either a client or server and either a CA has signed a malicious certificate or the victim continues certificate verification despite failure to construct a path to a trusted issuer.  

Delphix products do not use any of the affected versions of OpenSSL.

Impact:

  • There is no impact to the Delphix Continuous Data (Virtualization) Engine.
  • There is no impact to the Delphix Continuous Compliance (Masking) Engine.
  • There is no impact to Data Control Tower (DCT) SaaS.
  • There is no impact to Data Control Tower (DCT) Multi Cloud.
  • There is no impact to Hyperscale Masking (Compliance)
  • There is no impact to Containerized Masking (Compliance)
  • There is no impact to Continuous Compliance Services (CCS) for CRM

Additional references:


#security
#CVE
#OpenSSL
#cve-2022-3602

#cve-2022-3786

​​​​​
0 comments
38 views

Permalink