UPDATED NOVEMBER 2:
N-able is aware OpenSSL.org released two vulnerabilities (CVE-2022-3602 and CVE-2022-3786) that affect OpenSSL version 3.0.0 and later and have been addressed in OpenSSL 3.0.7.
After thorough investigation, our team has determined N-able’s products are not impacted by this vulnerability.
ORIGINAL POST NOVEMBER 1:
N-able is aware for the first time in 10 years, OpenSSL.org released details of two high-severity security flaws in its open-source cryptographic library used to encrypt communication channels and HTTPS connections.
The vulnerabilities (CVE-2022-3602 and CVE-2022-3786) affect OpenSSL version 3.0.0 and later and have been addressed in OpenSSL 3.0.7.
We are continuing to determine where OpenSSL exists in our products to determine our risk profile and upgrade the affected products as quickly as possible.
At this time we have determined the following products and solutions are not impacted by this vulnerability:
- N-Central
We continue to investigate this potential vulnerability and will continue to update this list.