Handling OpenSSL Vulnerability in ServiceNow ACC

PaulMcD
Tera Contributor

Question on the critical vulnerability in the ServiceNow Agent Client Collector (ACC) related to its use of an outdated OpenSSL version (1.0.2zg). We are currently on ACC version 3.4.0, and I’ve seen that version 3.5.0 still embeds this older OpenSSL.

How are others addressing this issue? Has anyone found a workaround or received updates from ServiceNow about a patch or new release?

Any insights would be greatly appreciated!

Paul

2 REPLIES

Severin Launiau
Giga Guru

@PaulMcD: the OpenSSL bundled with the ACC package is only used by external checks - not by ACC itself. You can generate an SBOM on the agent and see the binary carries the golang static libraries.

I believe ACC uses OpenSSL if using mTLS auth between the Agent and the MID, or between the Agent and MID-Less (ITOM Cloud services and/or DEX)
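One way to see which files in an agent install embed an OpenSSL version banner and which are Go-built binaries, the distinction the replies above turn on. This is an added example, not part of the thread and not ServiceNow tooling; the file names and sample tree are constructed, and the real install path must be supplied by the reader. A banner match shows that a file embeds OpenSSL, not that it is loaded at runtime.

```python
import re
import tempfile
from pathlib import Path

# Version banner compiled into OpenSSL libraries and statically linked programs.
OPENSSL_BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*)")
# Magic bytes that precede the build info block in binaries built by the Go toolchain.
GO_BUILDINFO = b"\xff Go buildinf:"

def classify(path):
    """Return whether a file is a Go binary and which OpenSSL versions it embeds."""
    data = path.read_bytes()
    versions = sorted({v.decode() for v in OPENSSL_BANNER.findall(data)})
    return {"go_binary": GO_BUILDINFO in data, "openssl": versions}

def scan(root):
    """Walk an install tree; report only files with a Go marker or an OpenSSL banner."""
    root = Path(root)
    report = {}
    for p in sorted(root.rglob("*")):
        if p.is_symlink() or not p.is_file():
            continue
        try:
            info = classify(p)
        except OSError:  # unreadable file: skip rather than abort the scan
            continue
        if info["go_binary"] or info["openssl"]:
            report[p.relative_to(root).as_posix()] = info
    return report

def build_sample_tree(root):
    """Constructed stand-in for an agent install; file names are hypothetical."""
    root = Path(root)
    (root / "bin").mkdir()
    (root / "lib").mkdir()
    (root / "bin" / "agent").write_bytes(b"\x7fELF" + GO_BUILDINFO + b"\x08\x02")
    (root / "lib" / "libcrypto.so").write_bytes(b"\x7fELF\x00OpenSSL 1.0.2zg\x00")
    (root / "README.txt").write_text("no markers here")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample_tree(d)
        for name, info in scan(d).items():
            print(name, info)
```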