A critical vulnerability has been discovered in current versions of OpenSSL. This critical vulnerability affects version 3.0.6 or earlier.
Fortunately, TSplus Remote Access relies on OpenSSL version 1.1.1. Therefore, this vulnerability doesn’t affect TSplus Remote Access.
All other products edited by TSplus does not leverage OpenSSL. Therefore, all products edited by TSplus are not affected.
As for any security situations, details are not available as to what the exact threat is or where the weakness may lie because OpenSSL Project tries to avoid tipping off opportunistic bad actors that could exploit the vulnerability before it’s patched.
As defined by the OpenSSL Project:
A critical vulnerability affects common configurations and which are also likely to be exploitable. Examples include significant disclosure of the contents of server memory (potentially revealing user details), vulnerabilities which can be easily exploited remotely to compromise server private keys or where remote code execution is considered likely in common situations.
For information, the O
penSSL Project will release a patch with version 3.0.7 on Tuesday, November 1st, 2022.
Please read OpenSSL newslog for more recent updates about OpenSSL announcements: https://www.openssl.org/news/newslog.html.