Why is Active IQ Unified Manager not affected by CVE-2023-4807?
Applies to
Active IQ Unified Manager
Answer
- In the case of AIQUM for Linux (vApp and RHEL), the NIST description of this CVE explicitly states that the vulnerability is on Windows x64 platforms. The vulnerability concerns the implementation of a specific CPU instruction in a specific cipher in the Windows x64 release of OpenSSL. The Linux implementation within OpenSSL for this cipher does not use that instruction or implementation.
- For the Windows release of AIQUM, AIQUM does not ship OpenSSL. If the system is on Windows and is flagged in security scans for this CVE, this indicates that OpenSSL was installed separately for some reason, and it should be upgradeable separately in the same way.
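
To find which separately installed OpenSSL copy a scanner is flagging on a Windows host, the binaries can be inventoried with their owning directory and file version. The script below is an added example, not NetApp tooling; the search roots and the file-name patterns are assumptions and should be adjusted to the paths the scan reported.

```powershell
# Added example: list OpenSSL binaries on a Windows host so the owning
# application can be identified and upgraded on its own schedule.
# $SearchRoots is an assumption; pass the paths your scanner reported.
param(
    [string[]]$SearchRoots = @(
        $env:ProgramFiles,
        ${env:ProgramFiles(x86)},
        $env:ProgramData
    )
)

# File names used by OpenSSL 1.1.x and 3.x Windows builds, plus the CLI.
$patterns = 'openssl.exe', 'libcrypto-*.dll', 'libssl-*.dll'

# Skip roots that are unset or missing on this host.
$roots = $SearchRoots | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$found = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Recurse -File -Include $patterns -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Directory   = $_.DirectoryName             # hints at the owning product
                File        = $_.Name
                FileVersion = $_.VersionInfo.FileVersion   # may be empty on some builds
                Product     = $_.VersionInfo.ProductName
                Modified    = $_.LastWriteTime
            }
        }
}

if ($found) {
    $found | Sort-Object Directory, File | Format-Table -AutoSize -Wrap
} else {
    Write-Output 'No OpenSSL binaries found under the given search roots.'
}
```

Compare each reported version against the fixed releases listed in the OpenSSL advisory for this CVE, and upgrade through whichever product or installer owns that directory.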