The version of openssl included in the Sophos Connect client contains a number of High Severity openssl vulnerabilites (CVE-2023-0286, CVE-2022-4450 & CVE-2023-0464) and we need a fix ASAP.
When will a new version of Sophos Connect be published that includes the fixes?
At the very least, we need a workaround where we can update (C:\Program Files (x86)\Sophos\Connect\openssl.exe) to a patched version of openssl. Please advise how to patch this executable without impacting the operation of the Sophos Connect client.
Many thanks,
This thread was automatically locked due to age.