OpenSSL version in Syncovery 10
Posted: Wed Jun 05, 2024 2:14 pm
Hi Tobias,
We have a client currently using Syncovery 9.50d on Windows and they have had a warning from Microsoft InTune / Defender saying that the version of OpenSSL in the Syncovery folder is 1.1.1 and has vulnerabilities as described in CVE-2023-49210, CVE-2018-16395, CVE-2017-14033 and CVE-2016-7798
Reported files
c:\program files\syncovery\libcrypto-1_1-x64.dll
c:\program files\syncovery\libssl-1_1-x64.dll
I just wanted to confirm that the OpenSSL installed with Syncovery v10 is at least 2.0.0 and not vulnerable to the issues above. Ideally it would be version 3.0.5 or above as there was a well known vulnerability in OpenSSL 3.0.4.
Assuming you can confirm the OpenSSL version installed with Syncovery is not listed as having known vulnerabilties, I will recommend to the client that they purchase Syncovery upgrade licenses for the affected PCs.
I look forward to hearing from you and thank you in advance.
Regards,
Nigel.
We have a client currently using Syncovery 9.50d on Windows and they have had a warning from Microsoft InTune / Defender saying that the version of OpenSSL in the Syncovery folder is 1.1.1 and has vulnerabilities as described in CVE-2023-49210, CVE-2018-16395, CVE-2017-14033 and CVE-2016-7798
Reported files
c:\program files\syncovery\libcrypto-1_1-x64.dll
c:\program files\syncovery\libssl-1_1-x64.dll
I just wanted to confirm that the OpenSSL installed with Syncovery v10 is at least 2.0.0 and not vulnerable to the issues above. Ideally it would be version 3.0.5 or above as there was a well known vulnerability in OpenSSL 3.0.4.
Assuming you can confirm the OpenSSL version installed with Syncovery is not listed as having known vulnerabilties, I will recommend to the client that they purchase Syncovery upgrade licenses for the affected PCs.
I look forward to hearing from you and thank you in advance.
Regards,
Nigel.