Version 2
Last updated: 11/03/2022, 10:30 AM EET
Dear Customer,
OpenSSL project released a new version of the OpenSSL library (version 3.0.7) on Tuesday Nov 1st, 2022, that patched two high level security vulnerabilities (CVE-2022-3602 & CVE-2022-3786) in OpenSSL versions 3.0.0 to 3.0.6.
M-Files has taken immediate actions to identify any potential exposure and risks arising from the vulnerability. M-Files team has been able to identify some components with vulnerable OpenSSL versions, and managed to confirm that their application within M-Files product does not lead to possibility of exploitation. Even though M-Files still proceeds with suggested actions and performs updates to version 3.0.7.
You can follow any updates regarding the vulnerability from our security advisory page: Security Advisories | M-Files
Should you have further questions please contact: security@m-files.com.
Best regards,
M-Files Security
Change log:
Version 1 First notification
Version 2 Details on vulnerability updated and summary of actions added