Skip to content

OpenSSL patched today.

Posted by: GuidePoint Security

< 1 min read

November 1, 2022 – Published on The Cyberwire

Today, November 1st, OpenSSL is releasing a patch for a critical vulnerability in OpenSSL versions 3.0.0 and above.

How to interpret OpenSSL’s downgrading of the vulnerability from “Critical” to “High Severity.”

Added, 1:45 PM, 11.1.22.

Victor Wieczorek, VP of App Sec, Threat & Attack Simulation at GuidePoint Security, notes that OpenSSL has changed its rating of the vulnerability from “critical” to “high severity,” and thinks this gets it right, given the challenges of exploitation: 

“The move from ‘critical’ vulnerability to ‘high severity’ is appropriate, given the analysis that the OpenSSL Project provided. Exploiting this vulnerability requires quite a bit of set up and a number of factors to fall into place before it could be leveraged. Organizations should perform analysis to see if they are impacted, although there are relatively limited affected systems, as the attack primarily impacts the client-side, not the server. Technologies like SCA (software composition analysis) tools can help organizations identify where these components are so they can create an inventory and then a plan for remediation based on risk.”

Read More HERE.

Categories: Application Security Cybersecurity News

GuidePoint Security

Application Security as a Service Overview
With our AppSec as a Service offering, we enable you to effectively launch your application security program and evolve and […]
Download

Related Articles

View All

  • Application Security
Application Security as a Service Overview
Read More < 1 min read
  • Application Security
Application Security Practice Overview
Read More < 1 min read
  • Application Security
OpenSSL vulnerability now rated ‘high’ but should be taken seriously
Read More 2 min read