Vulnerabilities in NXLog libraries "libcrypto-1_1-x64.dll" and "libssl-1_1-x64.dll, related to "OpenSSL, Version: 1.1.1q" - deleting the files?

View thread

Djordje

Vulnerability scanner has discovered a number of vulnerabilities (CVE-2022-4450, CVE-2023-0215, CVE-2023-4807) related to “OpenSSL, version 1.1.1q” in NXLog libraries "libcrypto-1_1-x64.dll" and "libssl-1_1-x64.dll:

  • If we are using the following modules: im_msvistalog, im_file, om_tcp;
  • and we are NOT using the following modules: im_ssl, om_ssl;

would simply deleting the following files from the system: “C:\ProgramFiles\nxlog\libcrypto-1_1-x64.dll”, “C:\ProgramFiles\nxlog\libssl-1_1-x64.dll” (which solves the problem with the vulnerability scanner alerts) affect functionality of NXLog?