On February 7th, 2023, the OpenSSL Project team announced a security fix for a critical vulnerability in all current versions of OpenSSL. This patch was rapidly fixed by software vendors on February 6th, 2023 in accordance with best practice for vulnerability disclosure. The Wisp Platform team audited all affected servers and services and applied the patch/fix to all affected assets on the evening of February 8th, 2023.
Gensler has had zero impact to our work or our clients due to this vulnerability and we have followed our standard security operations procedures. Gensler’s Security Operations team has already scanned our global infrastructure and IT Operations has applied patches in all necessary locations. We advise all of our clients to do the same assessment and patching as quickly as possible, since this serious vulnerability has the potential to be exploited against numerous businesses around the world.
More information is available at cve.org: CVE-2023-0286 and the OpenSSL Project
Please reach out to your Customer Success Manager with any additional questions or concerns.
