Hi
What is the next available patch update for Micro Focus COBOL Server 8.0 that will update the security vulnerability of the openssl included?
Current installed:
cobol v8.0.0
PRN=K1CRH/AAK:Ao.U4.13.04
PTI=32/64 bit
PTI=Micro Focus COBOL Server 8.0 - Patch Update 08
PTI=Patch Update 08
PTI=pkg_324515
PTI=MFInstaller
Scan vulnerability:
Path : /opt/microfocus/VisualCOBOL/bin/openssl
Reported version : 1.1.1t
Fixed version : 1.1.1x
Thanks,
Aldous
Do you happen to know which CVE vulnerability is being reported?
According to the knowledgebase article here, if it is OpenSSL CVE-2023-5678, then this is considered to be a false positive.
If you are not using openssl, then you could simply remove it from the product to avoid the reported vulnerability.
The new version of openssl is available in V9.0 PU6 and later, but it may be in earlier versions too. You should probably open up a support ticket to get a definitive answer on this.
Thanks.
Appreciate the update Chris. Yes, that is the latest CVE-2023-5678 our scans are reporting.
Here are the other CVEs also being reported related to this: CVE-2023-0466, CVE-2023-3817.
Thanks,
Aldous
I do not see those other CVEs as being reported.
Please open up a case with technical support and they will research this further.
Thanks