Notable Solutions: Some Elements of AutoStore Vulnerable to ‘Heartbleed’ OpenSSL Vulnerability

Notable Solutions reports that it’s reviewed all products in its portfolio which interact with OpenSSL to determine if any are subject to the “Heartbleed” OpenSSL vulnerability. Notable Solutions found that four components of AutoStore versions 5 and 6 were subject to this vulnerability:

• Ricoh ESA capture component.
• AutoCapture.
• QuickCapture Pro.
• Bates Stamp Server

Autostore is Notable Solutions’ document-capture, processing, and routing software. OpenSSL is a software library used by many server-based applications, as well as consumer Web sites, for encrypted communication. This vulnerability can permit a “man-in-the-middle” attack to de-crypt and modify SSL traffic.

Updates which correct this issue are now available via the AutoStore Software Update service. Customers are advised to reference the appropriate AutoStore Framework for their configuration, as well as the appropriate client update for any of these components. Once downloaded, customers should follow the included instructions for the installation procedure.

Notable Solutions notes, however, that most AutoStore environments are not vulnerable to the vulnerability, issue since AutoStore typically runs on private networks. In other words, the intrusion would have to take place from within a customer’s network for this vulnerability to be exploited.

Customers can contact Notable Solutions’ support at support@notablesolutions.com if they have more questions, require assistance with applying the updates, or need help verifying that updates installed successfully. For reference a Knowledge Base article featuring frequently asked questions, visit Notable Solutions here.