CVE-2022-1343

🗓️ 03 May 2022 15:15:21Reported by opensslType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 216 Views

The function `OCSP_basic_verify` in OpenSSL does not correctly handle the OCSP_NOCHECKS flag, potentially leading to incorrect verification results. Fixed in OpenSSL 3.0.3

Reporter	Title	Published	Views	Family All 92
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to multiple openSSL vulnerabilities in Node.js (CVE-2022-1434, CVE-2022-1343, CVE-2022-1473)	4 Jul 202213:19	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities [CVE-2022-1434, CVE-2022-1343, CVE-2022-1292, CVE-2022-1473]	12 Jul 202311:11	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar WinCollect is vulnerable to using components with known vulnerabilities	17 Jun 202218:45	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors	8 Jul 202217:25	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to issues in OpenSSL (CVE-2022-1434, CVE-2022-1343, CVE-2022-1292, CVE-2022-1473 )	1 Feb 202315:37	–	ibm
Tenable Nessus	Amazon Linux 2022 : openssl (ALAS2022-2022-104)	7 Sep 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2022 : openssl, openssl-devel, openssl-libs (ALAS2022-2022-195)	5 Nov 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2023-051)	21 Mar 202300:00	–	nessus
Tenable Nessus	AlmaLinux 9 : openssl (ALSA-2022:6224)	16 Nov 202200:00	–	nessus
Tenable Nessus	CentOS 9 : openssl-3.0.7-18.el9	26 Apr 202400:00	–	nessus

NVD

Vulners

Node

openssl opensslRange3.0.0–3.0.3

Node

netapp active_iq_unified_managerMatch-vsphere

netapp clustered_data_ontapMatch-

netapp clustered_data_ontap_antivirus_connectorMatch-

netapp santricity_smi-s_providerMatch-

netapp smi-s_providerMatch-

netapp snapmanagerMatch-hyper-v

netapp solidfire,_enterprise_sds_&_hci_storage_nodeMatch-

netapp solidfire_&_hci_management_nodeMatch-

Node

netapp a250_firmwareMatch-

AND

netapp a250Match-

Node

netapp a700s_firmwareMatch-

AND

netapp a700sMatch-

Node

netapp aff_500f_firmwareMatch-

AND

netapp aff_500fMatch-

Node

netapp aff_8300_firmwareMatch-

AND

netapp aff_8300Match-

Node

netapp aff_8700_firmwareMatch-

AND

netapp aff_8700Match-

Node

netapp aff_a400_firmwareMatch-

AND

netapp aff_a400Match-

Node

netapp fabric-attached_storage_a400_firmwareMatch-

AND

netapp fabric-attached_storage_a400Match-

Node

netapp fas_500f_firmwareMatch-

AND

netapp fas_500fMatch-

Node

netapp fas_8300_firmwareMatch-

AND

netapp fas_8300Match-

Node

netapp fas_8700_firmwareMatch-

AND

netapp fas_8700Match-

Node

netapp h300e_firmwareMatch-

AND

netapp h300eMatch-

Node

netapp h300s_firmwareMatch-

AND

netapp h300sMatch-

Node

netapp h410s_firmwareMatch-

AND

netapp h410sMatch-

Node

netapp h500e_firmwareMatch-

AND

netapp h500eMatch-

Node

netapp h500s_firmwareMatch-

AND

netapp h500sMatch-

Node

netapp h700e_firmwareMatch-

AND

netapp h700eMatch-

Node

netapp h700s_firmwareMatch-

AND

netapp h700sMatch-

[
  {
    "vendor": "OpenSSL",
    "product": "OpenSSL",
    "versions": [
      {
        "version": "Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)",
        "status": "affected"
      }
    ]
  }
]

Source	Link
git	www.git.openssl.org/gitweb/
openssl	www.openssl.org/news/secadv/20220503.txt
security	www.security.netapp.com/advisory/ntap-20220602-0009/
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf

05 May 2025 17:17Current

7High risk

Vulners AI Score7

CVSS 24.3

CVSS 3.15.3

EPSS0.00192

SSVC

CWE-295