OpenSSL 3.x Vulnerability and M-Files

Version 2

Last updated: 11/03/2022, 10:30 AM EET           


Dear Customer,

OpenSSL project released a new version of the OpenSSL library (version 3.0.7) on Tuesday Nov 1st, 2022, that patched two high level security vulnerabilities (CVE-2022-3602 & CVE-2022-3786) in OpenSSL versions 3.0.0 to 3.0.6.

M-Files has taken immediate actions to identify any potential exposure and risks arising from the vulnerability. M-Files team has been able to identify some components with vulnerable OpenSSL versions, and managed to confirm that their application within M-Files product does not lead to possibility of exploitation. Even though M-Files still proceeds with suggested actions and performs updates to version 3.0.7.

You can follow any updates regarding the vulnerability from our security advisory page: Security Advisories | M-Files 

Should you have further questions please contact:

Best regards,

M-Files Security

Change log: 

Version 1                 First notification

Version 2                Details on vulnerability updated and summary of actions added