https://community.qlik.com/t5/Management-Governance/Vulnerabilities-OpenSSL-1-1-0/m-p/2480937#M29201 <P>Hello!<BR />There are several outdated OpenSSL libs with vulnerabilities in connector package<BR /><BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="BuTbka_0-1726044142026.png" style="width: 400px;"><img src="https://community.qlik.com/t5/image/serverpage/image-id/171522iEE81D06EC062D8F0/image-size/medium?v=v2&amp;px=400" role="button" title="BuTbka_0-1726044142026.png" alt="BuTbka_0-1726044142026.png" /></span><BR />QS May 2024 Patch 5&nbsp;<BR /><BR />Nessus scan results:<BR />[<BR />"OpenSSL Project OpenSSL 1.1.1h (C:\\Program files\\Qlik\\Sense\\Repository\\Postgresql\\12.5\\Bin\\)",<BR />"OpenSSL Project OpenSSL 1.1.1k (C:\\Program files\\Common files\\Qlik\\Custom data\\Qvodbcconnectorpackage\\Hive\\Lib\\Libcurl64.dlla\\Openssl64.dlla\\)",<BR />"OpenSSL Project OpenSSL 1.1.1k (C:\\Program files\\Common files\\Qlik\\Custom data\\Qvodbcconnectorpackage\\Hive\\Lib\\Openssl64.dlla\\)",<BR />"OpenSSL Project OpenSSL 1.1.1k (C:\\Program files\\Common files\\Qlik\\Custom data\\Qvodbcconnectorpackage\\Impala\\Lib\\Openssl64.dlla\\)",<BR />"OpenSSL Project OpenSSL 1.1.1n (C:\\Program files\\Common files\\Qlik\\Custom data\\Qvodbcconnectorpackage\\Mysql\\Lib\\Openssl64.dlla\\)",<BR />"OpenSSL Project OpenSSL 1.1.0j (C:\\Program files\\Common files\\Qlik\\Custom data\\Qvodbcconnectorpackage\\Phoenix\\Lib\\Openssl64.dlla\\)"<BR />]</P> <P><BR />Where we can download updated drivers or libs?</P> Wed, 29 Jan 2025 16:21:29 GMT BuTbka 2025-01-29T16:21:29Z https://community.qlik.com/t5/Management-Governance/Vulnerabilities-OpenSSL-1-1-0/m-p/2480937#M29201 <P>Hello!<BR />There are several outdated OpenSSL libs with vulnerabilities in connector package<BR /><BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="BuTbka_0-1726044142026.png" style="width: 400px;"><img src="https://community.qlik.com/t5/image/serverpage/image-id/171522iEE81D06EC062D8F0/image-size/medium?v=v2&amp;px=400" role="button" title="BuTbka_0-1726044142026.png" alt="BuTbka_0-1726044142026.png" /></span><BR />QS May 2024 Patch 5&nbsp;<BR /><BR />Nessus scan results:<BR />[<BR />"OpenSSL Project OpenSSL 1.1.1h (C:\\Program files\\Qlik\\Sense\\Repository\\Postgresql\\12.5\\Bin\\)",<BR />"OpenSSL Project OpenSSL 1.1.1k (C:\\Program files\\Common files\\Qlik\\Custom data\\Qvodbcconnectorpackage\\Hive\\Lib\\Libcurl64.dlla\\Openssl64.dlla\\)",<BR />"OpenSSL Project OpenSSL 1.1.1k (C:\\Program files\\Common files\\Qlik\\Custom data\\Qvodbcconnectorpackage\\Hive\\Lib\\Openssl64.dlla\\)",<BR />"OpenSSL Project OpenSSL 1.1.1k (C:\\Program files\\Common files\\Qlik\\Custom data\\Qvodbcconnectorpackage\\Impala\\Lib\\Openssl64.dlla\\)",<BR />"OpenSSL Project OpenSSL 1.1.1n (C:\\Program files\\Common files\\Qlik\\Custom data\\Qvodbcconnectorpackage\\Mysql\\Lib\\Openssl64.dlla\\)",<BR />"OpenSSL Project OpenSSL 1.1.0j (C:\\Program files\\Common files\\Qlik\\Custom data\\Qvodbcconnectorpackage\\Phoenix\\Lib\\Openssl64.dlla\\)"<BR />]</P> <P><BR />Where we can download updated drivers or libs?</P> Wed, 29 Jan 2025 16:21:29 GMT https://community.qlik.com/t5/Management-Governance/Vulnerabilities-OpenSSL-1-1-0/m-p/2480937#M29201 BuTbka 2025-01-29T16:21:29Z https://community.qlik.com/t5/Management-Governance/Vulnerabilities-OpenSSL-1-1-0/m-p/2511826#M31768 <P>Have this been addressed by anyone? Patch 11 still has this version on our instances, upgrading to Patch 15 came with the following:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="tin_u_0-1743066486981.png" style="width: 400px;"><img src="https://community.qlik.com/t5/image/serverpage/image-id/179028i7375A99A0967E951/image-size/medium?v=v2&amp;px=400" role="button" title="tin_u_0-1743066486981.png" alt="tin_u_0-1743066486981.png" /></span></P><P>&nbsp;</P> Thu, 27 Mar 2025 09:08:20 GMT https://community.qlik.com/t5/Management-Governance/Vulnerabilities-OpenSSL-1-1-0/m-p/2511826#M31768 tin_u 2025-03-27T09:08:20Z https://community.qlik.com/t5/Management-Governance/Vulnerabilities-OpenSSL-1-1-0/m-p/2517987#M31920 <P>I am also facing the same issue, have opened the ticket with Qlik support and here is the answer i have received.</P><P><SPAN>It seems that Qlik Sense Enterprise has OpenSSL libraries at</SPAN><BR /><SPAN>C:\program files\common files\qlik\custom data\qvodbcconnectorpackage\...\lib</SPAN><BR /><SPAN>OpenSSL 3.0.15 has security fixes - <A href="https://openssl-library.org/news/openssl-3.0-notes/index.html" target="_blank">https://openssl-library.org/news/openssl-3.0-notes/index.html</A></SPAN><BR /><BR /><SPAN>CVSS score : CVE-2024-6119, CVE-2024-5535</SPAN><BR /><BR /><SPAN>This is an already reported issue and there are plans to update the Open SSL libraries in future Qlik Sense releases but we don't have ETA on this. I know this is an inconvenience for you but please watch out for our release notes to identify if the libraries are updated by tracking directly on our Community Page, kindly subscribe to receive notifications on the latest release notes for patches and news releases.</SPAN><BR /><BR /><SPAN><A href="https://community.qlik.com/t5/Release-Notes/tkb-p/ReleaseNotes" target="_blank">https://community.qlik.com/t5/Release-Notes/tkb-p/ReleaseNotes</A></SPAN><BR /><SPAN><A href="https://community.qlik.com/t5/Management-Governance/Vulnerabilities-OpenSSL-1-1-0/td-p/2480937" target="_blank">https://community.qlik.com/t5/Management-Governance/Vulnerabilities-OpenSSL-1-1-0/td-p/2480937</A></SPAN><BR /><BR /><SPAN>You may need to plan on upgrading your Qlik Sense since it appears the patch will be in later versions of 2025.</SPAN></P> Thu, 15 May 2025 18:12:26 GMT https://community.qlik.com/t5/Management-Governance/Vulnerabilities-OpenSSL-1-1-0/m-p/2517987#M31920 vmahmomo 2025-05-15T18:12:26Z