start portlet menu bar

HCLSoftware: Fueling the Digital+ Economy

Display portlet menu
end portlet menu bar
Select Page

(This blog will be updated with additional information as needed) 

The OpenSSL projectannounced details of vulnerabilities that exist in versions of the OpenSSL software versions earlier than version 3.0.7.  They have released OpenSSL Version 3.0.7 to address these security vulnerabilities. OpenSSL is the core open-source library that implements SSL and TLS protocols which makes it possible to securely communicate over the internet. It impacts Linux operating systems and some variants including Mac OS Ventura and Node.js 18 and 19. 

About the Vulnerability 

The OpenSSL project had originally communicated this vulnerability as Critical, however, it has since been downgraded to High per the latest advisory from OpenSSL.  They have indicated it does not impact versions of OpenSSL prior to V3.0.

This Vulnerability Is Known to Impact: 

  • Linux operating systems and some variants such as Ubuntu and macOS Ventura 
  • Containers and container images 
  • Node.js 18.x and 19.x which are JavaScript runtimes 
  • Code developed by C/C++ developers who embedded OpenSSL V3.0 or above 

Recommended Actions for BigFix Users 

  1. Review the latest details from OpenSSL at 
  2. Identify vulnerable systems with OpenSSL V3.0 and above 
    1. Perform an Inventory scan (BigFix Inventory signatures in development) 
      1. Refer to the BigFix Forum for the software signature information once published 
      2. Review other sources of scanning software and tools for OpenSSL version at 
  3. Upgrade to OpenSSL to V3.0.7 as soon as possible to prevent a potential breach or attack 
    1. The BigFix team will be publishing vendor fixlets addressing this vulnerability in an expedited timeline
    2. Watch the BigFix Forum for content release announcements, as well as the BigFix Forum link below for our overall response.
  4. Keep abreast of updates on the Big Forum: 


Comment wrap
Automation | September 6, 2023
BigFix Runbook AI Enables Organizations to Streamline IT Operations and Improve Productivity
Come check out how BigFix’s new Runbook AI feature enables organizations to streamline their IT operations and improve productivity.
Automation | August 4, 2023
Using Threat Intelligence for Proactive Protection
Learn how organizations can proactively combine the power of automation with reliable threat intelligence to keep cyber threats at bay.
Automation | August 4, 2023
Genuine Parts Company and ESM Technology Inc Develops Innovative Visibility and Analytics Solution Using BigFix
Read the blog and learn how Genuine Parts Company and ESM Technology Inc develops innovative visibility and analytics solution using BigFix