Skip to content

Protect against the OpenSSL vulnerability

Here’s what you need to know about the high severity vulnerabilities in OpenSSL versions 3.0 and above.

TRY TANIUM FREE GET YOUR RISK SCORE

How your organization could be affected

On November 1, OpenSSL issued version 3.0.7 to address high severity vulnerabilities found in versions 3.0 and above. The key to reducing your organization's risk is to find, patch and remediate any affected implementations as soon as possible. However, patching third-party open-source libraries like OpenSSL can be challenging.

1

Is this another Log4Shell?

No. The vulnerability isn’t as widespread or critical, but both CVE-2022-3786 and CVE-2022-3602 should still be patched as soon as possible.

2

Will this be widespread?

Even though OpenSSL is used from IoT devices to enterprise applications, the circumstances required for the exploit are specific and therefore not expected to be widespread.

3

Why is this challenging to find?

OpenSSL is source code that can be distributed statically or dynamically, resulting in dependencies that are challenging, sometimes impossible, for traditional vulnerability scanners to find.

Quickly find and fix your OpenSSL vulnerabilities with Tanium SBOM

Patching widely used third-party open-source libraries like OpenSSL across your organization requires a multi-layered approach. Tanium SBOM is designed to identify every software application in your environment and endpoints where the vulnerable package exists.

Read our full guidance

Find it

Whether installed as its own service or as repackaged dependencies, find the vulnerable OpenSSL package.

Take control

Based on your organization’s risk tolerance, make granular decisions about your applications.

Fix it

Finding them is only half the battle. Within the same Tanium console, patch your OpenSSL vulnerabilities.

Think you’re exposed?

We can help. Tanium can quickly find vulnerable software packages, patch them and continuously monitor as the situation evolves.

TRY TANIUM TODAY SCHEDULE A DEMO

More resources

BLOG

How to Use Tanium SBOM to Protect From Latest OpenSSL Critical Vulnerability

Today, the OpenSSL team released OpenSSL version 3.0.7. This release includes fixes for two noteworthy “High” severity vulnerabilities

READ MORE
COMMUNITY

How Tanium Can Help Identify OpenSSL 3.0.X

See our guidance on how to identify OpenSSL 3.0.X using Tanium Software Bill of Materials (SBOM)

READ MORE
MODULE

Tanium SBOM

We won't know what the next supply chain vulnerability is going to be, but with Tanium, know how your applications are affected before it happens so that when it does, you're ready to take action.

Learn More