Submit a ticketCall us

WebinarUpcoming Webinar: How Help Desk and Remote Support Pays for Itself

Learn how help desk software can simplify ticketing management, allow you to track hardware and software assets, and accelerate the speed of IT support and service delivery. Gain insights on how remote support tools allow your IT team to maximize their efficiency and ticket resolution by expediting desktop troubleshooting, ultimately helping keep end-users happy and productive.

Register here.

Home > Success Center > Log & Event Manager (LEM) > LEM vulnerability to OpenSSL

LEM vulnerability to OpenSSL

Created by Craig O’ Neill, last modified by MindTouch on Jun 23, 2016

Views: 940 Votes: 1 Revisions: 5

Overview

This article provides brief information on LEM vulnerability to OpenSSL issues.

Environment

LEM version 6.2

Detail

The security team have simply identified that Openssl exists on the LEM appliance.

The Embedded Tomcat i.e. web console - Does use SSL/TLS for port 8443. We don't specify whether to use APR (OpenSSL) or JSSE connector so Tomcat decides for us.

It prefers APR but since it is not installed on our Debian appliance (libapr), the native connector is used i.e. JSSE.

So, whereis OpenSSL installed?

Our PostgreSQL database uses OpenSSL for secured connections.
This database is used solely for users who use SolarWinds NTA to send Cisco Netflow to LEM.

Unless you use LEM for Netflow, OpenSSL is not an issue and LEM is not open to any of the related OpenSSL vulnerabilities..

 

Even so this should not be accessible from outside your network.

 

Disable flow service

 

Login as cmc > service > disableflow.

 

This will stop the service that utilises OpenSSL.

It may not remove it from the scope of the scanner but it will enforce a Cul de Sac.

 

 

 

Last modified

Tags

Classifications

Public