On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory [25 March 2021], that disclosed two vulnerabilities. Exploitation of these vulnerabilities could allow an malicious user to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or device, or to cause a denial of service (DoS) condition. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openssl openssl |
||
freebsd freebsd 12.2 |
||
netapp santricity_smi-s_provider_firmware - |
||
netapp storagegrid_firmware - |
||
windriver linux - |
||
windriver linux 18.0 |
||
windriver linux 19.0 |
||
windriver linux 17.0 |
||
netapp oncommand workflow automation - |
||
netapp storagegrid - |
||
netapp ontap select deploy administration utility - |
||
netapp cloud volumes ontap mediator - |
||
fedoraproject fedora 34 |
||
tenable nessus agent |
||
tenable nessus |
||
tenable nessus network monitor 5.11.1 |
||
tenable nessus network monitor 5.12.0 |
||
tenable nessus network monitor 5.12.1 |
||
tenable nessus network monitor 5.13.0 |
||
tenable nessus network monitor 5.11.0 |
||
oracle jd edwards world security a9.4 |
||
oracle weblogic server 12.2.1.4.0 |
||
oracle weblogic server 14.1.1.0.0 |
||
oracle enterprise manager for storage management 13.4.0.0 |
||
oracle secure global desktop 5.6 |
||
oracle graalvm 20.3.1.2 |
||
oracle graalvm 21.0.0.2 |
||
oracle graalvm 19.3.5 |
||
oracle mysql server |
||
oracle mysql workbench |
||
oracle commerce guided search 11.3.2 |
||
oracle mysql connectors |
||
oracle jd edwards enterpriseone tools |
||
oracle mysql enterprise monitor |
||
oracle secure backup |
||
oracle peoplesoft enterprise peopletools |
||
mcafee web gateway cloud service 10.1.1 |
||
mcafee web gateway cloud service 9.2.10 |
||
mcafee web gateway cloud service 8.2.19 |
||
mcafee web gateway 10.1.1 |
||
mcafee web gateway 9.2.10 |
||
mcafee web gateway 8.2.19 |
||
sonicwall sma100_firmware |
||
sonicwall sonicos |
||
sonicwall email security |
||
sonicwall capture client |
||
nodejs node.js |
Debian, Ubuntu ahead of the curve in patching at least – don't be late yourself How do you fix a problem like open-source security? Google has an idea, though constraints may not go down well
Two high-severity vulnerabilities in the OpenSSL software library were disclosed on Thursday alongside the release of a patched version of the software, OpenSSL 1.1.1k. OpenSSL is widely used to implement the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, which support encrypted network connections. Alternatives include BoringSSL and LibreSSL, among others. The first flaw, a certificate check bypass (CVE-2021-3450), arose as a result of code implemented in v1.1.1h to pe...