Skip to main content
Planview Customer Success Center

Open SSL Vulnerability Status

           

NOTE

This article will be updated to provide Planview customers with information pertaining to the status of the OpenSSL vulnerabilities that have been reported.

           

What is OpenSSL?

Everyone depends on OpenSSL. You may not know it, but OpenSSL is what makes it possible to use secure Transport Layer Security (TLS) on Linux, Unix, Windows, and many other operating systems. It's also what is used to lock down pretty much every secure communications and networking application and device out there. So we should all be concerned that Mark Cox, a Red Hat Distinguished Software Engineer and VP of Security for the Apache Software Foundation (ASF) this week tweeted, "OpenSSL 3.0.7 update to fix Critical CVE out next Tuesday 1300-1700UTC."

More details can be found here: OpenSSL warns of critical security vulnerability with upcoming patch | ZDNET

Planview Status Concerning OpenSSL

Any future status updates will be posted in this section. 

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Nov 16, 2022 03:40 pm CT

Planview Customers,


Planview Operations Teams are aware of the recent OpenSSL release of version 3.0.7 that addresses OpenSSL CVE-2022-3602 (RCE) and CVE-2022-3786 (DOS) published on November 1, 2022. Originally expected to be rated as “Critical”, OpenSSL downgraded the vulnerabilities to “High”. Planview Operations Teams have assessed the environment and determined that the OpenSSL vulnerability is non-impacting.

Products that are not impacted by recent OpenSSL 3.0.X CVEs:

  • Planview Enterprise Architecture
  • Planview Portfolios
  • Planview Advisor
  • Planview AdaptiveWork
  • Planview ChangePoint
  • Planview PPMPro
  • Planview ProjectPlace
  • Planview Tasktop Viz
  • Planview Tasktop Hub
  • Planview IdeaPlace
  • Planview AgilePlace
  • Planview Hub
  • Planview Barometer
  • Planview Daptiv
  • Core Service
  • Foundation Apps

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Nov 14, 2022 12:30 pm CT
 

Planview Customers,

Planview Operations Teams are aware of the recent OpenSSL release of version 3.0.7 that addresses OpenSSL CVE-2022-3602 (RCE) and CVE-2022-3786 (DOS) published on November 1, 2022. Originally expected to be rated as “Critical”, OpenSSL downgraded the vulnerabilities to “High”. At this time, we are still awaiting confirmation from a third-party vendor on potential impact to our Enterprise Architecture and Portfolios products.

Planview Tasktop Viz, Hub, and Sync on-prem editions are not impacted by vulnerable openssl components but are relying on underlying OS’ and libraries. For Planview Tasktop Hub and Sync customers who are hosting the product on their premises, please follow your organization’s update procedures where applicable. For example, the Docker base images.

 

Products that are not impacted by recent OpenSSL 3.0.X CVEs:

  • Planview Advisor
  • Planview AdaptiveWork
  • Planview ChangePoint
  • Planview PPMPro
  • Planview ProjectPlace
  • Planview Tasktop
  • Planview IdeaPlace
  • Planview AgilePlace
  • Planview Hub
  • Planview Barometer
  • Planview Daptiv
  • Core Service
  • Foundation Apps

 

Products still being assessed (3rd Party):

  • Planview Enterprise Architecture
  • Planview Portfolios

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Nov 10, 2022 10:00 am CT

Planview Customers,

Planview Operations Teams are aware of the recent OpenSSL release of version 3.0.7 that addresses OpenSSL CVE-2022-3602 (RCE) and CVE-2022-3786 (DOS) published on November 1, 2022. Originally expected to be rated as “Critical”, OpenSSL downgraded the vulnerabilities to “High”. At this time, we are still awaiting confirmation from several of our third-party vendors and libraries on potential impact to our Enterprise Architecture, Portfolios, AgilePlace, and IdeaPlace offerings.

Planview Tasktop Viz, Hub, and Sync on-prem editions are not impacted by vulnerable openssl components but are relying on underlying OS’ and libraries. For Planview Tasktop Hub and Sync customers who are hosting the product on their premises, please follow your organization’s update procedures where applicable. For example, the Docker base images.

Products that are not impacted by recent OpenSSL 3.0.X CVEs:

  • Planview Advisor
  • Planview AdaptiveWork
  • Planview ChangePoint
  • Planview PPMPro
  • Planview Tasktop
  • Planview Hub
  • Planview Barometer
  • Planview Daptiv
  • Core Services
  • Foundation Apps

Products still being assessed:

  • Planview Enterprise Architecture
  • Planview Portfolios
  • Planview AgilePlace
  • Planview IdeaPlace

Nov 4, 2022 2:00pm CT

Planview Customers,

Planview Operations Teams are aware of the recent OpenSSL release of version 3.0.7 that addresses OpenSSL CVE-2022-3602 (RCE) and CVE-2022-3786 (DOS) published on November 1, 2022. Originally expected to be rated as “Critical”, OpenSSL downgraded the vulnerabilities to “High”. Our teams are continuing their assessment of potential impact based on the latest published information from various sources.

Planview Tasktop Viz, Hub, and Sync on-prem editions are not impacted by vulnerable OpenSSL components, but are relying on underlying operating systems and libraries. For Planview Tasktop Hub and Sync customers who are hosting the product on their premises, please follow your organization’s update procedures where applicable. For example, the Docker base images.

Planview Product Management has confirmed the following solutions are confirmed not impacted by recent OpenSSL 3.0.X CVEs:

  • Planview Advisor
  • Planview AgilePlace
  • Planview PPMPro
  • Planview Tasktop Viz
  • Planview Tasktop Hub
  • Planview Barometer
  • Planview Daptiv
  • Planview ChangePoint

Nov 1, 2022 8:00am CT

Planview Customers,

Planview Operations Teams are aware of the recent OpenSSL release of version 3.0.7. We are assessing the impact based on the latest published information from various sources and are taking actions to upgrade where necessary. We’re closely monitoring the situation and preparing to address and remediate immediately. Any impact to our customers will be communicated out via the Planview status page, or ad-hoc channels.