On this page, you will find important security information from Volue.
We are aware of the two vulnerabilities in OpenSSL - the CVE identifiers are CVE-2022-3602 & CVE-2022-3786.
The vulnerabilities are classified as 8.8 (HIGH) with the potential of crashing the service, which would lead to a denial of service attack, or in some cases a potential remote code execution.
Update 9 November
Current status: Internal investigation is completed.
No exploitable vulnerabilities found in Volue's software. As previously communicated, vulnerable 3rd party components are identified. Volue supports and follows recommendations from 3rd party software vendors regarding mitigating steps related to the Open SSL vulnerabilities.
Safe Software has identified that the newer version of FME Server is vulnerable. Our production environment is using an older version of FME Server that is not vulnerable. The vulnerable version in our dev/test environment is temporarily shut down, awaiting a new mitigated version.
Marked as potentially vulnerable and affects software from Power Grid and Infrastructure. ESRI has not released an official statement regarding confirmed vulnerabilities in their software. Volue refers to ESRI's official status page: OpenSSL V3 Vulnerability (esri.com)
Our consultants can be available to assist customers with processes related to updating 3rd party components.
Please contact email@example.com or see the 3rd party providers statements described in the links above.