Delphix Products

We are aware of the recently published vulnerabilities in OpenSSL v3.0.0 - 3.0.6 (CVE-2022-3602 & CVE-2022-3786). OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.  These vulnerabilities are only realized in certain circumstances where an attacker can control the content of a certificate presented to either a client or server and either a CA has signed a malicious certificate or the victim continues certificate verification despite failure to construct a path to a trusted issuer.  

Delphix products do not use any of the affected versions of OpenSSL.

Impact:

• There is no impact to the Delphix Continuous Data (Virtualization) Engine.
• There is no impact to the Delphix Continuous Compliance (Masking) Engine.
• There is no impact to Data Control Tower (DCT) SaaS.
• There is no impact to Data Control Tower (DCT) Multi Cloud.
• There is no impact to Hyperscale Masking (Compliance)
• There is no impact to Containerized Masking (Compliance)
• There is no impact to Continuous Compliance Services (CCS) for CRM

• ZDNET: OpenSSL warns of critical security vulnerability with upcoming patch
• Akamai: Effectively Preparing for the OpenSSL 3.x Vulnerability
• SANS: Upcoming Critical OpenSSL Vulnerability: What will be Affected?

#cve-2022-3786