Is SMG vulnerable to CVE-2013-1619?

search cancel

Is SMG vulnerable to CVE-2013-1619?

book

Article ID: 387473

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

This document explains whether SMG is vulnerable to CVE-2013-1619.

Environment

SMG 10.7.5, 10.8.x, 10.9.0

Resolution

No, SMG is not vulnerable to CVE-2013-1619.

As described on the CVE-2013-1619 page, the CVE only impacts GnuTLS 3.1.7, and current supported versions of SMG do not use GnuTLS. Although, SMG includes GnuTLS to resolve a component dependency, but it does not use GnuTLS but use a proprietary version of OpenSSL for all crypto functionality.

Feedback

thumb_up Yes

thumb_down No