Are your applications vulnerable to the OpenSSL 3.x vulnerability?

Quickly identify your vulnerable applications using the Qualys Cloud Platform

On Tuesday, November 1, 2022, the OpenSSL project released a new version of OpenSSL version 3.0.7 that will patch a buffer overrun condition which can be triggered in X.509 certificate verification. This applies to the current 3.x versions of OpenSSL [refer to CVE-2022-3786 & CVE-2022-3602]

OpenSSL rates the severity of the vulnerability as HIGH, which means this vulnerability affects common configurations and is also likely to be exploitable.

To help the security community during these challenging times, we are opening up free access to our industry-leading Enterprise TruRisk Platform that can help organizations inventory and scan all systems with vulnerable versions of OpenSSL. Our unified platform brings together Cybersecurity Asset Management, Vulnerability Management and Detection, Patch Management, Web Application Scanning and Custom Assesment and Remediation.

Detect Before Attackers Do

Proactively scan your applications using techniques similar to the hackers' to find applications vulnerable to OpenSSL 3.x (CVE-2022-3786).

No Install, No Configurations

Scans are done directly from the Enterprise TruRisk Platform, eliminating the need to install software or make network configuration changes, which means you can start scanning your websites in less than 30 minutes.

Detections Simulate OpenSSL Attacks

Qualys researchers have created highly accurate tests that simulate common OpenSSL attacks to detect vulnerable applications without false positives. The team is constantly expanding its OpenSSL vulnerability detection logic and will update related signatures as needed.

Access resources, blog and recommendations for more details

OpenSSL 3.x Vulnerability: CVE-2022-3786 & CVE-2022-3602 FAQs and Resources

Create your 30-day account

By submitting this form, you consent to Qualys' privacy policy.

Note: We are working hard to accommodate the increased demand. Requests will be provisioned on first come first serve basis with priority given to helping our existing customers.