OpenSSL Vulnerability: Is FME impacted?

Liz Sanderson
Liz Sanderson
  • Updated

Summary

CVE NumberSeverityProductPlatformImpactResolved
CVE-2022-3786

CVE-2022-3602  
HighFME Desktop
FME Server
Windows
macOS
Red Hat 7
CentOS 7
2022.1.x
2022.2 Beta
2022.2 Official Release
Ubuntu
Debian
Red Hat 8
Rocky Linux 8
Docker/K8S
Not AffectedN/A
FME License Server
FME Cloud
FME Mobile Apps
AllNot AffectedN/A


FME Desktop & FME Server

FME 2022.1 and later on Windows, macOS, and Red Hat 7/CentOS 7 contain the impacted software component. As a best practice, we recommend administrators download and install 2022.2.

FME 2022.0 and earlier do not contain the library version associated with the vulnerability and are not affected. 

FME (all versions) on Ubuntu, Debian, and Red Hat 8/Rocky Linux 8 and FME Server launched through Docker/Kubernetes are not affected.


FME License Server, FME Cloud & FME Mobile Apps

All versions of FME License Server (using FlexLM/FlexNet Publisher) and FME Cloud instances are not affected by the vulnerabilities as described in CVE-2022-3786 and CVE-2022-3602.

The FME AR and FME Data Express mobile applications (iOS and Android) do not include any version of OpenSSL, therefore these applications are not affected by the vulnerabilities.

 

FAQ

Will I be notified when the fixed release is available?

On the Downloads page subscribe to our mailing list to be notified when new downloads are available.

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.