Siteminder Sharepoint Agent ships with OpenSSL 1.0.2.  There have been a number of vulnerabilities published for various versions of OpenSSL.

PRODUCT: Siteminder

COMPONENT: Sharepoint Agent

OPERATING SYSTEM: ANY

VERSION: 12.8.7 & 12.8.8

The following CVE's have been published since OpenSSL 1.0.2ZL

CVE-2025-9230 "Out-of-bounds read & write in RFC 3211 KEK Unwrap"

Upgrade OpenSSL on Siteminder Agent for Sharepoint servers to OpenSSL 1.0.2zm.  

How to Verify the version of OpenSSL Installed on the Siteminder Sharepoint Agent

###### UPGRADE INSTRUCTIONS ######

LINUX

1) Copy "Openssl102zm_win64.zip" to the Sharepoint Agent Server

2) Unzip "Openssl102zm_win64.zip"

Unzip Openssl102zm_win64.zip

3) Stop the Sharepoint Agent Server.

4) Navigate to the '<InstallDir>/CA/Agent-for-SharePoint/' directory.

5) Note the permissions on the contents of the '<InstallDir>/CA/Agent-for-SharePoint/SSL/bin' directory.

6) Backup either the entire '<InstallDir>/CA/Agent-for-SharePoint/SSL/bin' directory, or the following files:

<InstallDir>/CA/secure-proxy/SSL/bin/c_rehash
<InstallDir>/CA/secure-proxy/SSL/bin/openssl

7) Copy the contents of the '/Openssl102zm_win64/bin/' folder to the '/<Intall_Dir>/CA/Agent-for-SharePoint/SSL/bin/ directory.

CONTENTS:

openssl

EXAMPLE: cp -r /openssl102zl_linux/bin/* /<InstallDir>/CA/Agent-for-SharePoint/SSL/bin/

8) Backup either the entire '<InstallDir>/CA/Agent-for-SharePoint/SSL/lib/' directory, or the following files:

<InstallDir>/CA/secure-proxy/SSL/lib/libcrypto.so
<InstallDir>/CA/secure-proxy/SSL/lib/libcrypto.so.1.0.0
<InstallDir>/CA/secure-proxy/SSL/lib/libssl.so
<InstallDir>/CA/secure-proxy/SSL/lib/libssl.so.1.0.0

9) Copy the contents of the '/openssl102zl_linux/lib/' folder to the '/<Intall_Dir>/CA/Agent-for-SharePoint/SSL/lib/' directory.

CONTENTS:

libcrypto.so
libcrypto.so.1.0.0
libssl.so
libssl.so.1.0.0

EXAMPLE: cp -r /openssl102zl_linux/lib/* ./<InstallDir>/CA/Agent-for-SharePoint/SSL/lib/

10) Re-set the permissions on the copied files.

11) Re-source the environment variables;

. ./ca_sps_env.sh

13) Re-start the Sharepoint Agent.

./proxy-engine/sps-ctl start

WINDOWS

1) Copy "Openssl102zm_win64.zip" to the Sharepoint Agent Server

2) Unzip "Openssl102zm_win64.zip"

3) Stop the Sharepoint Agent server

4) Browse to the "<Install_Dir>\CA\Agent-for-SharePoint\SSL\bin\" directory in Sharepoint Agent

Default: <Install_Dir> = C:\Program Files\

5) Back-up either the '<Install_Dir>\CA\Agent-for-SharePoint\SSL\bin\' directory, or the following files:

<Install_Dir>\CA\secure-proxy\SSL\bin\openssl.exe
<Install_Dir>\CA\secure-proxy\SSL\bin\libeay32.dll
<Install_Dir>\CA\secure-proxy\SSL\bin\ssleay32.dll

6) Copy the contents of '\Openssl102zm_win64\' folder to the '<Install_Dir>\CA\Agent-for-SharePoint\SSL\bin\' directory.

CONTENTS:

openssl.exe
libeay32.dll
ssleay32.dll

7) Back-up either the '<Install_Dir>\CA\Agent-for-SharePoint\httpd\bin\' directory, or the following files:

<Install_Dir>\CA\secure-proxy\httpd\bin\openssl.exe
<Install_Dir>\CA\secure-proxy\httpd\bin\libeay32.dll
<Install_Dir>\CA\secure-proxy\httpd\bin\ssleay32.dll

8) Copy the contents of '\openssl102zl_win64\' folder to the '<Install_Dir>\CA\Agent-for-SharePoint\httpd\bin\' directory.

CONTENTS:

openssl.exe
libeay32.dll
ssleay32.dll

9) Start the Sharepoint Agent server

KB406508: How to Verify the version of OpenSSL Installed on the Siteminder Sharepoint Agent

KB420181: Vulnerabilities in OpenSSL 1.0.2zl and Older on Siteminder Access Gateway r12.8.x

OpenSSL 1.0.2 Vulnerabilities

OpenSSL 1.0.2zl remediates the following CVE's:

CVE-2025-9230
CVE-2024-13176
CVE-2024-9143
CVE-2024-5535
CVE-2024-0727
CVE-2023-5678
CVE-2023-3817
CVE-2023-3446
CVE-2023-3817
CVE-2023-3446
CVE-2023-3817
CVE-2023-3446
CVE-2023-0465
CVE-2023-0466
CVE-2023-0464
CVE-2023-0286
CVE-2023-0215
CVE-2022-4304
CVE-2022-2068
CVE-2022-1292
CVE-2022-0778
CVE-2021-4160
CVE-2021-3712
CVE-2021-23841
CVE-2021-23840
CVE-2021-23839
CVE-2020-1971
CVE-2020-1968
CVE-2019-1551
CVE-2019-1563
CVE-2019-1547
CVE-2019-1552
CVE-2019-1559