Alert: DocuSign update on OpenSSL vulnerability

On October 28th, DocuSign became aware of a planned disclosure of the OpenSSL vulnerability (CVE-2022-3602).  Upon release of the vulnerability’s details on November 1, 2022 investigations were initiated to assess potential impact and determine risk level. Based on the determined risk level, DocuSign has increased monitoring for CVE-2022-3602 and intends to remediate vulnerable configurations if and when identified through our standard SLAs and patch release activity.

As of November 1, 2022, DocuSign has observed no indicators of compromise in any of its service environments. We  continue to investigate and monitor the situation and will provide relevant updates if and when it becomes available.