Numecent Response to CVE-2022-3602 and CVE-2022-3786 OpenSSL 3 Buffer Overflow

Posted about 2 years ago by Kyle Goebel

  • Pinned Topic
  • Topic is Locked
Kyle Goebel
Kyle Goebel Admin

Numecent Response to CVE-2022-3602 and CVE-2022-3786 OpenSSL 3 Buffer Overflow

November 4th, 2022


Numecent has determined the recently discovered OpenSSL 3 vulnerabilities, CVE-2022-3602 and CVE-2022-3786 do not impact Cloudpaging or Cloudpager.


These vulnerabilities apply to OpenSSL versions 3.0.0 to 3.0.6. We can confirm that no Numecent product users are affected based on the following:

  • Cloudpaging Server & Enterprise Portal – Cloudpaging Server and Enterprise do not use the OpenSSL libraries and are thus unaffected. However, we strongly recommend that customers who have configured their Tomcat to use JSSE with OpenSSL or Apache Portable Runtime (APR) upgrade their OpenSSL engine to 3.0.7 immediately.
  • Cloudpaging Player & Studio – While Cloudpaging Player 9.3.3 and Studio 9.3.0 use OpenSSL, they do not utilize the functionalities affected by the vulnerabilities.
  • Cloudpaging CDN – CCDN does not use Open SSL 3 and is not affected.
  • Cloudpager – Cloudpager does not use Open SSL 3 and is not affected.


Security is a top concern here at Numecent. While there are no vulnerabilities impacting the current implementation of OpenSSL used by Cloudpaging Player and Cloudpaging Studio, we will be providing an update to ensure our customers have the latest OpenSSL 3 version available.


Numecent will continue to monitor and provide updates to the potential impact of the vulnerability on Numecent managed services and on-premises installations.


Customers can view our Cloudpaging Server - Apache Vulnerability Warnings article for a list of known Apache Tomcat vulnerabilities.

0 Votes


0 Comments