PSIRT NEWS: An update on the OpenSSL vulnerability CVE-2022-3602


An update on the OpenSSL vulnerability CVE-2022-3602

Updated November 1, 2022

IBM is responding to the reported buffer overflow vulnerability that the OpenSSL open source community disclosed for OpenSSL versions 3.0.0 - 3.0.6. We are taking action as an enterprise and for IBM products and services that may potentially be impacted, as we do for all vulnerabilities rated High.
Note: OpenSSL pre-announced on October 25, 2022, that OpenSSL 3.0.7 would fix a Critical vulnerability. Its vulnerability disclosure today downgraded the vulnerability to High.
IBM clients concerned about the applicability of this vulnerability to IBM products should, as with any other security vulnerability, continue to monitor IBM Product Security Central for product specific security bulletins and fixes.

Updated October 31, 2022

IBM preparing to respond to upcoming OpenSSL vulnerability

October 31, 2022: IBM is preparing to respond to a reported critical vulnerability in OpenSSL (widely used open source software) that is anticipated to be disclosed by the owning open source community on November 1, 2022.

IBM is investigating and taking proactive steps as an enterprise and for IBM products and services that may potentially be impacted, as we do for all critical vulnerabilities.
IBM recommends that you continue to monitor IBM Product Security Central for security bulletins published with product fixes.
IBM also recommends organizations running OpenSSL:
  • Check for OpenSSL 3.0.0+ in your environments and applications
  • Implement the latest patch in production environments as soon as it is available from OpenSSL
  • Monitor for vendor patches as they become available
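
One way to carry out the first check in the list above, using the affected range (3.0.0 - 3.0.6) and fix release (3.0.7) stated in the November 1 update. This is an added example, not IBM or OpenSSL code; the host names and version banners in the sample inventory are constructed, and the function names are hypothetical.

```python
import re
import ssl

# Range as stated on this page: 3.0.0 - 3.0.6 affected, 3.0.7 carries the fix.
AFFECTED_MIN = (3, 0, 0)
FIXED = (3, 0, 7)

# Matches banners such as "OpenSSL 3.0.5 5 Jul 2022" or "OpenSSL 1.1.1q  5 Jul 2022".
# The word boundary keeps "LibreSSL 3.x" from being read as OpenSSL 3.x.
_BANNER_RE = re.compile(r"\bOpenSSL\s+(\d+)\.(\d+)\.(\d+)")

def classify(banner):
    """Return (status, version_tuple) for one `openssl version` style banner."""
    m = _BANNER_RE.search(banner)
    if not m:
        return ("unrecognized", None)
    version = tuple(int(part) for part in m.groups())
    if version < AFFECTED_MIN:
        return ("below-3.0", version)        # 1.0.2 / 1.1.1 release lines
    if version < FIXED:
        return ("affected", version)         # 3.0.0 through 3.0.6
    return ("at-or-above-fix", version)

def scan(inventory):
    """inventory: iterable of (host, banner). Return hosts reporting an affected version."""
    return [host for host, banner in inventory if classify(banner)[0] == "affected"]

# Constructed sample inventory (for illustration only).
SAMPLE = [
    ("web-01", "OpenSSL 3.0.5 5 Jul 2022"),
    ("web-02", "OpenSSL 1.1.1q  5 Jul 2022"),
    ("app-01", "OpenSSL 3.0.7 1 Nov 2022"),
    ("mac-01", "LibreSSL 3.3.6"),
    ("db-01", "OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)"),
]

if __name__ == "__main__":
    for host, banner in SAMPLE:
        print(host, *classify(banner))
    # The OpenSSL build this Python interpreter is linked against.
    print("local python ssl:", *classify(ssl.OPENSSL_VERSION))
```

Distribution packages can carry a backported fix under an unchanged upstream version number, so confirm each "affected" result against the vendor's package advisory. Copies of OpenSSL bundled or statically linked into applications do not show up in the system `openssl version` output and need a separate inventory.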