Notable Solutions Releases Updates to Address Potential Encrypted Communications OpenSSL Vulnerability in NSi AutoStore
Recently a new vulnerability in OpenSSL, a software library used by many server-based applications as well as consumer websites for encrypted communication, was reported. This vulnerability can permit a "man-in-the-middle" attack to decrypt and modify SSL traffic. Upon learning of this issue with OpenSSL, Notable Solutions reviewed all products in our portfolio which interact with OpenSSL to determine if any were subject to this vulnerability. The balance of this article details what we discovered in our analysis and what actions have been taken to remedy this matter.
Four components of AutoStore versions 5 and 6 were subject to this vulnerability:
- ﾠﾠﾠﾠﾠ Ricoh ESA capture component
- ﾠﾠﾠﾠﾠ AutoCapture
- ﾠﾠﾠﾠﾠ QuickCapture Pro
- ﾠﾠﾠﾠﾠ Bates Stamp Server
Updates which correct this issue are now available via the AutoStore Software Update service. Please reference the appropriate AutoStore Framework for your configuration as well as the appropriate client update for any of the above referenced components. Once downloaded, please follow the included instructions for installation procedure.
On a practical level, it is important to note that most AutoStore environments are not in practice vulnerable to this issue since AutoStore typically runs on private networks. In other words, the intrusion would have to take place from within a customer's network for this vulnerability to be exploited.
Please contact Notable Solutions support at firstname.lastname@example.org if you have additional questions, require assistance with applying the updates or need help verifying that updates installed successfully.