OpenSSL - Vulnerability

Good day,

Our customer sent us the results of a security scan of our server. The results included these vulnerabilities:

  1. Vulnerability: OpenSSL Multiple Remote Security Vulnerabilities
     QID: 38602

  2. Vulnerability: OpenSSL oracle padding vulnerability (CVE-2016-2107)
     QID: 38626

Have you encountered this problem anywhere?

We don't have SSL/TLS secure communication set up in the application. Could it be caused by that?

Thank you in advance for the info.

D2000 V12.0.61u5

Good day.
In that case, unfortunately, we can do nothing. I checked again that the D2000 12.0.61.u5 installation cabinet contains the binary and DLLs of “OpenSSL 1.0.2p 14 Aug 2018” and no other version of OpenSSL. The reported vulnerabilities do not occur in this version.
If you don't use TLS communication between D2000 processes and the kernel, and possibly KOM doesn't communicate with protocols that are secured by SSL/TLS, then try deleting OpenSSL from the D2000 installation (no guarantee, I didn't test it). These files are libeay32.dll, ssleay32.dll, openssl.exe. They can be in the bin directory and also in bin64.
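
One way to check which OpenSSL build the files named in the reply above actually carry, as an added example that is not part of the original thread or of D2000's own tooling. It assumes the installation root is passed as an argument (a hypothetical path), reads the version banner embedded in each file, and compares it with the first releases that fixed CVE-2016-2107 (1.0.1t and 1.0.2h, per the OpenSSL advisory).

```python
import re
import sys
from pathlib import Path

# First releases containing the CVE-2016-2107 fix, per the OpenSSL advisory.
FIXED = {"1.0.1": "t", "1.0.2": "h"}
# File names and subdirectories named in the reply above.
NAMES = ("libeay32.dll", "ssleay32.dll", "openssl.exe")
SUBDIRS = ("bin", "bin64")
# OpenSSL 1.0.x binaries embed a banner such as "OpenSSL 1.0.2p  14 Aug 2018".
BANNER = re.compile(
    rb"OpenSSL (\d+\.\d+\.\d+)([a-z]*)(?:-fips)?\s+\d{1,2} [A-Z][a-z]{2} \d{4}")

def parse_banner(data: bytes):
    """Return (branch, letter) from an embedded banner, or None if absent."""
    m = BANNER.search(data)
    return (m.group(1).decode(), m.group(2).decode()) if m else None

def has_fix(branch: str, letter: str):
    """True/False for branches listed in FIXED, None for any other branch."""
    if branch not in FIXED:
        return None
    fixed = FIXED[branch]
    # Patch letters run a..z, then za, zb, ...: a longer suffix is later.
    return (len(letter), letter) >= (len(fixed), fixed)

def inventory(root):
    """Yield (path, version, has_fix) for each OpenSSL file that exists."""
    for sub in SUBDIRS:
        for name in NAMES:
            path = Path(root) / sub / name
            if not path.is_file():
                continue
            parsed = parse_banner(path.read_bytes())
            if parsed is None:
                yield (str(path), None, None)  # no banner: inspect manually
            else:
                yield (str(path), "".join(parsed), has_fix(*parsed))

if __name__ == "__main__":
    # Usage: python check_openssl.py <installation root>  (path is an assumption)
    for row in inventory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(*row, sep="\t")
```

A `True` in the last column for every file found gives evidence to send back with the scan report; `None` means the file needs a manual look.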