Quickly identify your vulnerable applications using the Qualys Cloud Platform
On Tuesday, November 1, 2022, the OpenSSL project released OpenSSL version 3.0.7, which patches a buffer overrun condition that can be triggered in X.509 certificate verification. This applies to the current 3.x versions of OpenSSL (refer to CVE-2022-3786 and CVE-2022-3602).
OpenSSL rates the severity of the vulnerability as HIGH, which means this vulnerability affects common configurations and is also likely to be exploitable.
To help the security community during these challenging times, we are opening up free access to our industry-leading Enterprise TruRisk Platform that can help organizations inventory and scan all systems with vulnerable versions of OpenSSL. Our unified platform brings together Cybersecurity Asset Management, Vulnerability Management and Detection, Patch Management, Web Application Scanning, and Custom Assessment and Remediation.
Proactively scan your applications using techniques similar to the hackers' to find applications vulnerable to OpenSSL 3.x (CVE-2022-3786).
Scans are done directly from the Enterprise TruRisk Platform, eliminating the need to install software or make network configuration changes, which means you can start scanning your websites in less than 30 minutes.
Qualys researchers have created highly accurate tests that simulate common OpenSSL attacks to detect vulnerable applications without false positives. The team is constantly expanding its OpenSSL vulnerability detection logic and will update related signatures as needed.
Note: We are working hard to accommodate the increased demand. Requests will be provisioned on a first-come, first-served basis, with priority given to helping our existing customers.