Update on OpenSSL vulnerability

Author

Venky Raju

Last Updated

Nov 4, 2022

As previously announced, the OpenSSL team released version 3.0.7 today and published a note detailing two vulnerabilities: CVE-2022-3786 and CVE-2022-3602. The vulnerability was initially classified as “critical” but was downgraded to “high” just before the release, based on further testing and vendor feedback. Still, the OpenSSL team is urging all users to upgrade to version 3.0.7 as soon as possible.

Note that NIST has assigned CVE-2022-3602 a base score of 9.8, which makes it a critical vulnerability. ColorTokens Xcloud customers can use the “CVE ID” query to identify affected systems.

The ColorTokens SaaS-based Zero Trust Platform is not affected by this vulnerability, and no action is required by Xshield, Xprotect, and Xcloud customers.
