Security Update

Our Response to OpenSSL version 3.0.X vulnerabilities (CVE-2022-3602 and CVE-2022-3786)

OpenSSL Logo

On October 25, 2022, the OpenSSL Project team announced a security fix for a critical vulnerability in version 3.0.X of OpenSSL. This patch was rapidly fixed by software vendors on November 1, 2022. The Wisp Platform team audited all affected servers and services and applied the patch/fix to all affected assets during the afternoon of November 1, 2022.

Gensler has had zero impact to our work or our clients due to this vulnerability and we have followed our standard security operations procedures.  Gensler’s Security Operations team has already scanned our global infrastructure and IT Operations has applied patches in all necessary locations.  We advise all of our clients to do the same assessment and patching as quickly as possible, since this serious vulnerability has already been exploited against numerous businesses around the world.

More information is available at nvd.nist.gov: CVE-2022-3602 & CVE-2022-3786

Please reach out to your Customer Success Manager with any additional questions or concerns.