topic Re: OpenSSL issues in Management & Governance

OpenSSL issues

Lass — Fri, 15 Nov 2024 20:53:32 GMT

Microssoft Cloud Defender has started alerting us that there are OpenSSL issues and they are suggesting updating the Openssl version to the latest.

Here are the files that are being flag on all our Qliksense servers running version Qlik Sense February 2024 Patch 6 - 14.173.11

The files:

c:\program files\common files\qlik\custom data\qvodbcconnectorpackage\drill\lib\openssl64.dlla\libcrypto-3-x64.dll
c:\program files\common files\qlik\custom data\qvodbcconnectorpackage\drill\lib\openssl64.dlla\libssl-3-x64.dll

c:\programdata\package cache\af7aeebf-6f94-4a09-9113-21295ed47105\qvodbcconnectorpackage\oracle\lib\libcrypto-3-x64.dll
c:\programdata\package cache\af7aeebf-6f94-4a09-9113-21295ed47105\qvodbcconnectorpackage\oracle\lib\libssl-3-x64.dll
c:\programdata\package cache\af7aeebf-6f94-4a09-9113-21295ed47105\qvodbcconnectorpackage\spark\lib\libcurl64.dlla\openssl64.dlla\libcrypto-3-x64.dll

c:\programdata\package cache\af7aeebf-6f94-4a09-9113-21295ed47105\qvodbcconnectorpackage\spark\lib\libcurl64.dlla\openssl64.dlla\libssl-3-x64.dll
c:\programdata\package cache\af7aeebf-6f94-4a09-9113-21295ed47105\qvodbcconnectorpackage\spark\lib\openssl64.dlla\libcrypto-3-x64.dll
c:\programdata\package cache\af7aeebf-6f94-4a09-9113-21295ed47105\qvodbcconnectorpackage\spark\lib\openssl64.dlla\libssl-3-x64.dll

Remediation:
Update Openssl (from Openssl) to the latest version.

We are also getting alerts to update the version of Python ...

Is anyone having the same issue, and could you kindly share some insight on a resolution, the last thing we want is an attack on our servers as a result of this ..

Thanks

Lass

Re: OpenSSL issues

Dana_Baldwin — Wed, 14 Aug 2024 21:52:13 GMT

Hi @Lass

Please note, this forum is for product Qlik Enterprise Manager. To reach your target audience, please post your question here: Qlik Sense | Qlik Community

Re: OpenSSL issues

dchristophersen — Mon, 20 Jan 2025 15:27:14 GMT

Hello Lass,

have you found a solution to this topic?

We have a similar scenario currently, but I cannot find any proper advice.

Best regards,
Daniel

Re: OpenSSL issues

BernieMaf — Fri, 14 Feb 2025 05:00:41 GMT

Hi @dchristophersen

We have not found a solution, Qlik took the issue back to their Security team since we raised it and advised they would include the latest OpenSSL update with the latest files, which was late last year.
Now there is a Critical OpenSSL Vulnerability (https://cyberpress.org/openssl-vulnerability/) out there that we need to protect ourselves from.

cc: @Lass