Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 
Lass
Partner - Contributor II

OpenSSL issues

Microssoft Cloud Defender has started alerting us that there are OpenSSL issues and they are suggesting updating the Openssl version to the latest.

Here are the files that are being flag on all our Qliksense servers running version Qlik Sense February 2024 Patch 6 - 14.173.11

The files:

c:\program files\common files\qlik\custom data\qvodbcconnectorpackage\drill\lib\openssl64.dlla\libcrypto-3-x64.dll
c:\program files\common files\qlik\custom data\qvodbcconnectorpackage\drill\lib\openssl64.dlla\libssl-3-x64.dll


c:\programdata\package cache\af7aeebf-6f94-4a09-9113-21295ed47105\qvodbcconnectorpackage\oracle\lib\libcrypto-3-x64.dll
c:\programdata\package cache\af7aeebf-6f94-4a09-9113-21295ed47105\qvodbcconnectorpackage\oracle\lib\libssl-3-x64.dll
c:\programdata\package cache\af7aeebf-6f94-4a09-9113-21295ed47105\qvodbcconnectorpackage\spark\lib\libcurl64.dlla\openssl64.dlla\libcrypto-3-x64.dll

c:\programdata\package cache\af7aeebf-6f94-4a09-9113-21295ed47105\qvodbcconnectorpackage\spark\lib\libcurl64.dlla\openssl64.dlla\libssl-3-x64.dll
c:\programdata\package cache\af7aeebf-6f94-4a09-9113-21295ed47105\qvodbcconnectorpackage\spark\lib\openssl64.dlla\libcrypto-3-x64.dll
c:\programdata\package cache\af7aeebf-6f94-4a09-9113-21295ed47105\qvodbcconnectorpackage\spark\lib\openssl64.dlla\libssl-3-x64.dll

Remediation:
Update Openssl (from Openssl) to the latest version.

We are also  getting alerts to update the version of Python ... 

Is anyone having the same issue, and could you kindly share some insight on a resolution, the last thing we want is an attack on our servers as a result of this .. 

Thanks

Lass

 

Labels (2)
3 Replies
Dana_Baldwin
Support

Hi @Lass 

Please note, this forum is for product Qlik Enterprise Manager. To reach your target audience, please post your question here: Qlik Sense | Qlik Community

dchristophersen
Contributor III

Hello Lass,

 

have you found a solution to this topic?

We have a similar scenario currently, but I cannot find any proper advice.

 

Best regards,
Daniel

BernieMaf
Partner - Contributor II

Hi @dchristophersen 

We have not found a solution, Qlik took the issue back to their Security team since we raised it and advised they would include the latest OpenSSL update with the latest files, which was late last year.
Now there is a Critical OpenSSL Vulnerability (https://cyberpress.org/openssl-vulnerability/) out there that we need to protect ourselves from.

 

cc: @Lass