The vulnerability scanner found the ssleay32.dll to CVE-2024-13176.
File `C:\Program Files\Quest\ChangeAuditor\Agent\ssleay32.dll` version `1.0.2zj` is vulnerable to `CVE-2024-13176`, which exists in versions `>= 1.0.2, < 1.0.2zl`. The vulnerability was found in the [VulnCheck NVD++ Database](https://vulncheck.com/browse/cve/CVE-2024-13176) based on the CPE `cpe:2.3:a:openssl:openssl` with NVD severity: `None`. The file is associated with the technology `OpenSSL`. The vulnerability can be remediated by updating `OpenSSL` to `1.0.2zl` or higher.
An outdated version of the "ssleay32.dll" file that belongs to the OpenSSL component used by the NetApp auditing module.
WORKAROUND (only for customers without the NetApp Auditing module licensed):
If NetApp Auditing is not used in your environment, you can manually delete the following files located in the default path (C:\Program Files\Quest\ChangeAuditor\Agent) on each host that has the Change Auditor agent installed and that is reporting this in your vulnerability scanner:
NOTE: Make sure to stop the agent service before making this change and start it back again afterward.
SOLUTION:
As of Change Auditor version 7.5, the OpenSSL component is no longer used in the agent files even for NetApp as they deprecated that API. Therefore, the recommended solution for this issue will be to upgrade Change Auditor to this version or later. Remember to review the technical documentation for an insight into the system requirements and installation instructions before upgrading.
