CVE-2022-3602

Statement on CVE-2022-3602 OpenSSL v3.0 Vulnerability

November 17, 2022

Information

Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass. This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.

Severity

Medium

Response

Melissa Data Corporation (“Melissa”) is aware of the OpenSSL v3.0 vulnerability.

After an extensive review by Melissa’s IT department and developers, we’ve determined that no customer-facing devices were affected by the vulnerability. Internally, some development environment instances were affected by the vulnerabilities but were properly patched on November 2, 2022.

In addition to the operating systems, the IT department also investigated VMware tools and has determined that they were not affected.

Melissa will continue to follow all guidance provided by CISA and OpenSSL as necessary to prevent any future risks.

If you have any additional questions, please contact Melissa’s Compliance department at Compliance@melissa.com.