Skip to main content
Answer

OpenSSL 3.0 Vulnerabilities

  • November 9, 2022
  • 3 replies
  • 58 views
S

I’m looking for information on whether your organization is aware of the OpenSSL 3.0 vulnerabilities disclosed earlier this month, summarized in CVE-2022-3602 and CVE-2022-3786.  If so, have you investigated whether any of your internal systems are vulnerable and have you mitigated those vulnerabilities if they exist?

Thank you!

Best answer by John

@sgaucher - please see below for a recent response from our InfoSec and Product teams, in re: to the vulnerabilities you’ve mentioned:

OpenSSL Security Advisory (CVE-2022-3786 and CVE-2022-3602)

Docebo is not affected by the reported vulnerabilities in our product since the affected versions of the software are not used in any part of the product infrastructure.

3 replies

John
Docebian
Forum|alt.badge.img+3
  • John
  • Docebian
  • Answer
  • November 14, 2022

@sgaucher - please see below for a recent response from our InfoSec and Product teams, in re: to the vulnerabilities you’ve mentioned:

OpenSSL Security Advisory (CVE-2022-3786 and CVE-2022-3602)

Docebo is not affected by the reported vulnerabilities in our product since the affected versions of the software are not used in any part of the product infrastructure.

Bfarkas
S
  • sgaucher
  • Author
  • Newcomer
  • November 14, 2022

Awesome, thanks John!

John
Bfarkas
John
Docebian
Forum|alt.badge.img+3
  • John
  • Docebian
  • November 14, 2022

You are most welcome! 

Terms & ConditionsCookie settingsAccessibility statement