Update: Dec 14, 2022
Qlik can confirm that this includes the lower severity issue CVE-2022-3786 which was announced by OpenSSL at the same time.
-----------------------------------------------------------------------------------------------------------------------------------------
Update: Nov 2, 2022
Qlik has completed its review of this third-party vulnerability and concluded it does not impact any Qlik product or service
-----------------------------------------------------------------------------------------------------------------------------------------
Update Nov 1, 2022:
The OpenSSL team has assigned the CVE reference CVE-2022-3602 to this issue and downgraded the severity to HIGH – please see https://www.openssl.org/news/secadv/20221101.txt .
Despite the lower severity, Qlik is continuing to review its products and services to ensure there are no concerns. At this time, no exposure has been identified.
-----------------------------------------------------------------------------------------------------------------------------------------
Original, October 31, 2022:
Qlik is aware that the OpenSSL project has announced that a critical security issue will be patched in a release targeted for November 1, 2022.
Although we cannot be certain that there will be no impact to Qlik’s products and services until the full details are made public, initial indications are that Qlik is not impacted by this OpenSSL vulnerability.
As more details become available, Qlik will review and update this page accordingly. Subscribe to this post to receive notifications when updated.
Additional information:
https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
