Update on OpenSSL vulnerability

Author

Venky Raju

Read Time

1 Minute

Last Updated

Jun 16, 2023

table of contents

As previously announced, the OpenSSL team released version 3.0.7 today and published a note detailing two vulnerabilities: CVE-2022-3786 and CVE-2022-3602. The vulnerability was initially classified as “critical” but downgraded to “high” just before the release based on more testing and vendor feedback. Still, the OpenSSL team is urging all users to upgrade to version 3.0.7 as soon as possible.

It should be noted that NIST has assigned CVE-2022-3602 a base score of 9.8 and is, therefore, a critical vulnerability. ColorTokens Xcloud customers can use the “CVE ID” query to identify affected systems.

OpenSSL-Update-1024x699.png

The ColorTokens SaaS-based Zero Trust Platform is not affected by this vulnerability, and no action is required by Xshield, Xprotect, and Xcloud customers.