Symantec VIP OpenSSL critical vulnerability detected

Article ID: 253383

Updated On:

Products

VIP Service

Issue/Introduction

Symantec VIP Enterprise Gateway servers are reporting a security vulnerability with the version of the OpenSSL library files.

Is the Symantec VIP product vulnerable?

Cause

Third-party OpenSSL version 3.0.7 was included with Symantec VIP Enterprise Gateway version 9.10.x.

Third-party OpenSSL version 3.0.8 was included with Symantec VIP Enterprise Gateway version 9.11.0.

 

Resolution

Enterprise Gateway 9.9.2 and below: Enterprise Gateway 9.9.2 and below use OpenSSL 1.x and are not impacted by this vulnerability.

Enterprise Gateway 9.10.x & 9.11.0: Enterprise Gateway 9.10.x and 9.11 use OpenSSL 3.x, but do not use the specific OpenSSL implementation methods that are vulnerable to this exploitation.

VIP Cloud Components: VIP Cloud components do not use any version of OpenSSL and are therefore not impacted.

  • Note: OpenSSL version 3.0.13 was released on January 30, 2024, which was too close to our VIP 9.11 version to be included with the 9.11 release. This OpenSSL version will be included in our next version update (9.11.1).