OpenSSL 3.x Vulnerabilities (CVE-2022-3786 and CVE-2022-3602)

Update from November 2, 2022

The Dynatrace team has finished analyzing each occurrence of OpenSSL taking into account the newly released information on OpenSSL 3.x vulnerabilities (CVE-2022-3786 and CVE-2022-3602).

None of the Dynatrace components are affected, as the vulnerable OpenSSL versions are not used.

  • Dynatrace SaaS, Dynatrace Managed
    • Not affected.
    • OpenSSL version 3.x is not used.
  • Dynatrace ActiveGate
    • Not affected.
    • OpenSSL version 3.x is not used.
  • Dynatrace OneAgent
    • Not affected.
    • OpenSSL version 3.x is not used.

Update from October 31, 2022

The Dynatrace team is actively reviewing the recently announced critical OpenSSL 3.x vulnerability.

The Dynatrace team is currently analyzing each occurrence of OpenSSL. None of the Dynatrace components listed below are affected, as the vulnerable OpenSSL versions are not used.

  • Dynatrace SaaS, Dynatrace Managed
    • Not affected.
    • OpenSSL version 3.x is not used.
  • Dynatrace ActiveGate
    • Not affected.
    • OpenSSL version 3.x is not used.
  • Dynatrace OneAgent
    • Not affected.
    • OpenSSL version 3.x is not used.

We will continue to assess the situation and provide further status updates on this page.

Notice

This document is provided on an “as is” basis, with no express or implied warranties. Some of the information provided may come from third parties. Your use of the information in the document or materials linked from the document is at your own risk. Dynatrace reserves the right to change or update this document without notice at any time. Dynatrace expects to update this document as new information becomes available.

Get article updates or report security vulnerabilities

Dynatrace takes a proactive approach in communicating security vulnerability information to customers. Learn more about Dynatrace security and our security policy. To report a security issue, email security@dynatrace.com.

RSS feed Report issue