Key Information from the Vulnerability Advisory Advisory ID: NTAP-20221028-0014 Version: 10.0 Last Updated: 2023-01-02 Status: Final Summary Vulnerability: Multiple NetApp products incorporate OpenSSL. OpenSSL versions 3.0 prior to 3.0.5 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information. Impact Outcome: Successful exploitation of this vulnerability could lead to disclosure of sensitive information. Vulnerability Scoring Details CVE: CVE-2022-3358 CVSS Score: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Exploitation and Public Disclosure Status: NetApp is aware of public discussions regarding this issue. Remediation Action: NetApp uses cookies, which may require user consent. See cookie policy for details. References Advisory CORAR: This advisory should be considered Affected Products Note: This advisory should be considered in context with the latest releases and Support products and versions. ``` Extraction of Key Data Vulnerability ID: CVE-2022-3358 CVSS Score: 7.5 (High) Affected Products: Multiple NetApp products that include OpenSSL 3.0 up to but not including 3.0.5 Potential Impact: Disclosure of sensitive information Additional Information: NetApp advisory is up to date as of January 2023, and the mitigation involves updates to OpenSSL and potentially cookie settings related to web interactions.