Vulnerabilities in OpenSSL 1.0.2zo and Older on Siteminder Sharepoint Agent r12.8.x
search cancel

Vulnerabilities in OpenSSL 1.0.2zo and Older on Siteminder Sharepoint Agent r12.8.x

book

Article ID: 438076

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Agents (SiteMinder)

Issue/Introduction

Siteminder Sharepoint Agent r12.8.x ships with OpenSSL 1.0.2zf.  There have been a number of vulnerabilities published for various versions of OpenSSL.

Environment

PRODUCT: Siteminder

COMPONENT: Sharepoint Agent

OPERATING SYSTEM: ANY

VERSION: 12.8.7 & 12.8.8

Cause

The following CVE's have been published for OpenSSL 1.0.2zo and older.

CVE-2026-28388 "NULL Pointer Dereference When Processing a Delta CRL

Severity: Low
IMPACTED: 1.0.2 - 1.0.2zo
REMEDIATED: 1.0.2zp

CVE-2026-28389 "Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo"

Severity: Low
IMPACTED: 1.0.2 - 1.0.2zo
REMEDIATED: 1.0.2zp

CVE-2026-28390 "Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo"

Severity: Low
IMPACTED: 1.0.2 - 1.0.2zo
REMEDIATED: 1.0.

Resolution

Upgrade OpenSSL on Siteminder Agent for Sharepoint servers to OpenSSL 1.0.2zp

How to Verify the version of OpenSSL Installed on the Siteminder Sharepoint Agent

 

###### UPGRADE INSTRUCTIONS ######

LINUX

1) Copy "openssl_1.0.2zp_linux.zip" to the Sharepoint Agent Server

2) Unzip "openssl_1.0.2zp_linux.zip"

unzip openssl_1.0.2zp_linux.zip

3) Stop the Sharepoint Agent Server.

4) Navigate to the '<InstallDir>/CA/Agent-for-SharePoint/' directory.

5) Note the permissions on the contents of the '<InstallDir>/CA/Agent-for-SharePoint/SSL/bin' directory.

6) Backup either the entire '<InstallDir>/CA/Agent-for-SharePoint/SSL/bin' directory, or the following files:

<InstallDir>/CA/secure-proxy/SSL/bin/openssl

7) Copy the contents of the '/openssl_1.0.2zp_linux/Openssl102zp/bin/' folder to the '/<Intall_Dir>/CA/Agent-for-SharePoint/SSL/bin/ directory.

CONTENTS:

openssl

EXAMPLE: cp -r /openssl_102zn_linux/Openssl102zp/bin/* /<InstallDir>/CA/Agent-for-SharePoint/SSL/bin/

8) Backup either the entire '<InstallDir>/CA/Agent-for-SharePoint/SSL/lib/' directory, or the following files:

<InstallDir>/CA/secure-proxy/SSL/lib/libcrypto.so
<InstallDir>/CA/secure-proxy/SSL/lib/libcrypto.so.1.0.0
<InstallDir>/CA/secure-proxy/SSL/lib/libssl.so
<InstallDir>/CA/secure-proxy/SSL/lib/libssl.so.1.0.0

9) Copy the contents of the '/openssl_1.0.2zp_linux/Openssl102zp/lib/' folder to the '/<Intall_Dir>/CA/Agent-for-SharePoint/SSL/lib/' directory.

CONTENTS:

libcrypto.so
libcrypto.so.1.0.0
libssl.so
libssl.so.1.0.0

EXAMPLE: cp -r /openssl_1.0.2zp_linux/Openssl102zp/lib/* ./<InstallDir>/CA/Agent-for-SharePoint/SSL/lib/

10) Re-set the permissions on the copied files.

11) Re-source the environment variables;

. ./ca_sps_env.sh

13) Re-start the Sharepoint Agent.

./proxy-engine/sps-ctl start

 


WINDOWS

1) Copy "Openssl_1.0.2zp_windows.zip" to the Sharepoint Agent Server

2) Unzip "Openssl_1.0.2zp_windows.zip"

3) Stop the Sharepoint Agent server

4) Browse to the "<Install_Dir>\CA\Agent-for-SharePoint\SSL\bin\" directory in Sharepoint Agent

Default: <Install_Dir> = C:\Program Files\

5) Back-up either the '<Install_Dir>\CA\Agent-for-SharePoint\SSL\bin\' directory, or the following files:

<Install_Dir>\CA\secure-proxy\SSL\bin\openssl.exe
<Install_Dir>\CA\secure-proxy\SSL\bin\libeay32.dll
<Install_Dir>\CA\secure-proxy\SSL\bin\ssleay32.dll

6) Copy the contents of '\Openssl_1.0.2zp_windows\Openssl102zp_win64\' folder to the '<Install_Dir>\CA\Agent-for-SharePoint\SSL\bin\' directory.

CONTENTS:

openssl.exe
libeay32.dll
ssleay32.dll

7) Back-up either the '<Install_Dir>\CA\Agent-for-SharePoint\httpd\bin\' directory, or the following files:

<Install_Dir>\CA\secure-proxy\httpd\bin\openssl.exe
<Install_Dir>\CA\secure-proxy\httpd\bin\libeay32.dll
<Install_Dir>\CA\secure-proxy\httpd\bin\ssleay32.dll

8) Copy the contents of '\Openssl_1.0.2zp_windows\Openssl102zp_win64\' folder to the '<Install_Dir>\CA\Agent-for-SharePoint\httpd\bin\' directory.

CONTENTS:

openssl.exe
libeay32.dll
ssleay32.dll

9) Start the Sharepoint Agent server

Additional Information

KB406508: How to Verify the version of OpenSSL Installed on the Siteminder Sharepoint Agent

OpenSSL 1.0.2 Vulnerabilities

OpenSSL 1.0.2zp remediates the following CVE's:

CVE-2026-28388
CVE-2026-28389
CVE-2026-28390
CVE-2026-68160
CVE-2025-69421
CVE-2025-22796
CVE-2025-9230
CVE-2024-13176
CVE-2024-9143
CVE-2024-5535
CVE-2024-0727
CVE-2023-5678
CVE-2023-3817
CVE-2023-3446
CVE-2023-2650
CVE-2023-0465
CVE-2023-0464
CVE-2023-0466
CVE-2022-4304
CVE-2023-0215
CVE-2023-0286

Attachments

Openssl_1.0.2zp_linux.zip get_app
Openssl_1.0.2zp_windows.zip get_app
Powered by Wolken Software