3 Replies Latest reply on Apr 15, 2014 9:27 AM by geovanni

    CVE 2014-0160 McAfee Email Gateway 7.x vulnerable or not?  Appliance vs VM, vulnerable or not?

    HenGroup

      I am confused with this recent vulnerability.  I am getting conflicting answers from McAfee.  Here is the CVE article.  CVE 2014-0160 OpenSSL 1.0.1a - 1.0.1f vulnerability.  I was originally told MEG 7.5.1 is vulnerable and fix action is MEG 7.5.3 upgrade.  I was also advised that VM's were not affected.  Now I am hearing there is not a 7.5.3 and that a Hot Fix will be released instead of a patch to fix this vulnerability.  Also now McAfee is unsure about the VMs.  Somebody help me out. 

       

       

      Anyone else have MEG 7.x and have a good answer for CVE 2014-0160?  McAfee are you going to release an SNS concerning this info anytime soon.  I am getting nervous.  This is consider a Zero Day vulnerability I believe.