openssl included in Microfocus COBOL Server 8.0 Patch Update 8.0 is out of date and has vulnerabilities, what is the next available patch?


What is the next available patch update for Microfocus COBOL Server 8.0  that will update the security vulnerability of the openssl included.

Current installed:

cobol v8.0.0
PTI=32/64 bit
PTI=Micro Focus COBOL Server 8.0 - Patch Update 08
PTI=Patch Update 08

Scan vulnerability:
Path : /opt/microfocus/VisualCOBOL/bin/openssl
Reported version : 1.1.1t
Fixed version : 1.1.1x


  • Verified Answer

    Do you happen to know which CVE vulnerability is being reported?

    According to the knowledgebase article here if it is OpenSSL CVE-2023-5678, then this is considered to be a false positive.
    If you are not using openssl then you could simply remove it from the product to avoid the reported vulnerability.

    The new version of openssl is available in V9.0 PU6 and later but it may be in earlier versions too. You should probably open up a support ticket to get a definitive answer on this.


    Chris Glazier
    Rocket Software - Principal Technical Support Specialist
    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

  • Appreciate the update Chris. Yes,  that is the latest CVE-2023-5678 our scans are reporting. 

    Here are the other CVE also being reported related to this,  CVE-2023-0466 , CVE-2023-3817 .    


Reply Children