OpenSSL Vulnerabilities still in Latest Versions of Box Drive

Completed

Follow

New post

Jack Paschke

• October 24, 2024 18:32

The latest version of Box Drive for Windows (2.41.226) still contains outdated OpenSSL binaries (libcrypto-3 3.0.11 and libssl-3 3.0.11) which are vulnerable to several CVEs including CVE-2024-4741 (CVSS 8.1). Please patch these binaries as they are currently greatly elevating our enterprise vulnerability score across several security platforms.

1

• 

  Rona

  • October 24, 2024 19:06

  Hi Jack, 

  Welcome to Box Community! 

  To help address your issue, I created a new ticket and a member from Box Product Support will be in touch, please keep an eye out. 

  Thanks for posting!

  0

  Comment actions Permalink
• 

  Jaturong Wongpiriyapaisan

  • March 05, 2025 03:46

  Hi Rona

  I use Box Drive 2.43.205 but why Openssl is still 3.0.11.0, how can I update it?

  0

  Comment actions Permalink

Please sign in to leave a comment.