Summary

Laserfiche is aware of the OpenSSL 3.0 vulnerabilities publicly disclosed on November 1, 2022, as described in https://www.openssl.org/news/vulnerabilities.html. (CVE-2022-3602 and CVE-2022-3786)

Laserfiche's online services, including Laserfiche Cloud, are not affected by the vulnerabilities.

Laserfiche's self-hosted products do not ship with or use OpenSSL 3.0.x and are not directly affected by the vulnerabilities.

Related Links

• OpenSSL Vulnerabilities Bulletin
• CVE-2022-3602
• CVE-2022-3786
• AWS Security Bulletin: OpenSSL Security Advisories - November 2022