Threat Intelligence Exchange vulnerability response to CVE-2022-0778
Last Modified: 2022-04-05 04:42:45 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Threat Intelligence Exchange vulnerability response to CVE-2022-0778
Technical Articles ID:
KB95453
Last Modified: 2022-04-05 04:42:45 Etc/GMT Environment
Threat Intelligence Exchange (TIE) Server 3.x
Summary
This document describes the position of Product Sustaining relative to the support of a branded application. Overview This document addresses concerns about the TIE Server and the vulnerability listed below. Description CVE-2022-0778: In the OpenSSL 1.0.2 version, the public key isn't parsed during initial parsing of the certificate, which makes it slightly harder to trigger the infinite loop. But, any operation that requires the public key from the certificate triggers the infinite loop. National Vulnerability Database: CVE-2022-0778 Research and Conclusions The TIE Server engineering team has reviewed the vulnerability CVE-2022-0778 and determined that it applies to the TIE Server. Resolution Upgrade OpenSSL to
Affected ProductsLanguages:This article is available in the following languages: |
|