OpenSSL Vulnerabilities still in Latest Versions of Box Drive

Terminée

S’abonner

New post

Jack Paschke

• 24 octobre 2024 18:32

The latest version of Box Drive for Windows (2.41.226) still contains outdated OpenSSL binaries (libcrypto-3 3.0.11 and libssl-3 3.0.11) which are vulnerable to several CVEs including CVE-2024-4741 (CVSS 8.1). Please patch these binaries as they are currently greatly elevating our enterprise vulnerability score across several security platforms.

1

• 

  Rona

  • 24 octobre 2024 19:06

  Hi Jack, 

  Welcome to Box Community! 

  To help address your issue, I created a new ticket and a member from Box Product Support will be in touch, please keep an eye out. 

  Thanks for posting!

  0

  Actions pour les commentaires Permalien
• 

  Jaturong Wongpiriyapaisan

  • 5 mars 2025 03:46

  Hi Rona

  I use Box Drive 2.43.205 but why Openssl is still 3.0.11.0, how can I update it?

  0

  Actions pour les commentaires Permalien

Vous devez vous connecter pour laisser un commentaire.