Operational Updates

Operational Updates

We are aware of the two vulnerabilities in OpenSSL - the CVE identifiers are CVE-2022-3602 & CVE-2022-3786.

The vulnerabilities are classified as 8.8 (HIGH) with the potential of crashing the service, which would lead to a denial of service attack, or in some cases a potential remote code execution.

Update 9 November

Current status: Internal investigation is completed.

No exploitable vulnerabilities found in Volue's software. As previously communicated, vulnerable 3rd party components are identified. Volue supports and follows recommendations from 3rd party software vendors regarding mitigating steps related to the Open SSL vulnerabilities.

FME Server

Safe Software has identified that the newer version of FME Server is vulnerable. Our production environment is using an older version of FME Server that is not vulnerable. The vulnerable version in our dev/test environment is temporarily shut down, awaiting a new mitigated version.

ArcGIS Server

Marked as potentially vulnerable and affects software from Power Grid and Infrastructure. ESRI has not released an official statement regarding confirmed vulnerabilities in their software. Volue refers to ESRI's official status page: OpenSSL V3 Vulnerability (esri.com)

Our consultants can be available to assist customers with processes related to updating 3^rd party components.

Please contact support@volue.com or see the 3^rd party providers statements described in the links above.