We are aware of the recently published vulnerabilities in OpenSSL v3.0.0 - 3.0.6 (CVE-2022-3602 and CVE-2022-3786). OpenSSL 1.1.1 and 1.0.2 are not affected by these issues. The vulnerabilities can only be triggered when an attacker controls the content of a certificate presented to either a client or a server, and either a CA has signed the malicious certificate or the victim continues certificate verification despite failing to construct a path to a trusted issuer.
Delphix products do not use any of the affected versions of OpenSSL.
Impact:
- There is no impact to the Delphix Continuous Data (Virtualization) Engine.
- There is no impact to the Delphix Continuous Compliance (Masking) Engine.
- There is no impact to Data Control Tower (DCT) SaaS.
- There is no impact to Data Control Tower (DCT) Multi Cloud.
- There is no impact to Hyperscale Masking (Compliance).
- There is no impact to Containerized Masking (Compliance).
- There is no impact to Continuous Compliance Services (CCS) for CRM.