Several Power BI ODBC Simba drivers seem to be vulnerable to CVE-2024-5535.
Path to the vulnerable component:
C:\Program Files\Microsoft Power BI Desktop\bin\ODBC Drivers\Simba * ODBC Driver\libssl-3-x64.dll
For SSL to be vulnerable, two conditions must be met:
1) The OpenSSL version is less than 3.0.15 (which appears to be the case even with the latest Power BI Desktop version available);
2) The application can call the OpenSSL API function SSL_select_next_proto with an empty supported client protocol buffer.
Please suggest whether there are any patches available or if this vulnerability has been mitigated in any other way.
Thank you very much.
Thank you both for your help.
Unfortunately it looks like Microsoft hasn't looked into this seriously. Power BI support mentioned that a patch will be released, with no mention of a timeframe...
Until then I am replacing the files manually with a libssl-3-x64.dll that is version 3.0.15.
Hi @Mat91
You can find the option to contact Simba Support from the web link: Contact - insightsoftware
If you have a Power BI Pro account, you can open a free ticket and a dedicated Microsoft engineer will troubleshoot and resolve the problem for you. How to create a support ticket in Power BI - Microsoft Fabric Community
Best Regards,
Jarvis Tang
If this post helps, then please consider accepting it as the solution to help the other members find it more quickly.
Hello Ritaf1983.
Thank you very much for your message.
I have just checked the versions of SSL used in Power BI Desktop version 2.138.1203.0, which is the latest available for download from the Microsoft website.
Here's what I've found:
| DLL path | OpenSSL version |
|---|---|
| C:\Program Files\Microsoft Power BI Desktop\bin\ODBC Drivers\Simba Amazon Redshift ODBC Driver\OpenSSL64.DllA\libssl-3-x64.dll | 3.0.13 |
| C:\Program Files\Microsoft Power BI Desktop\bin\ODBC Drivers\Simba DocumentDB ODBC Driver\LibCurl64.DllA\OpenSSL64.DllA\libssl-3-x64.dll | 3.0.13 |
| C:\Program Files\Microsoft Power BI Desktop\bin\ODBC Drivers\Simba DocumentDB ODBC Driver\OpenSSL64.DllA\libssl-3-x64.dll | 3.0.13 |
| C:\Program Files\Microsoft Power BI Desktop\bin\ODBC Drivers\Simba Google BigQuery ODBC Driver\LibCurl64.DllA\OpenSSL64.DllA\libssl-3-x64.dll | 3.0.13 |
| C:\Program Files\Microsoft Power BI Desktop\bin\ODBC Drivers\Simba Google BigQuery ODBC Driver\OpenSSL64.DllA\libssl-3-x64.dll | 3.0.13 |
| C:\Program Files\Microsoft Power BI Desktop\bin\ODBC Drivers\Simba Hive ODBC Driver\OpenSSL64.DllA\libssl-3-x64.dll | 3.0.13 |
| C:\Program Files\Microsoft Power BI Desktop\bin\ODBC Drivers\Simba Impala ODBC Driver\LibCurl64.DllA\OpenSSL64.DllA\libssl-3-x64.dll | 3.0.13 |
| C:\Program Files\Microsoft Power BI Desktop\bin\ODBC Drivers\Simba Impala ODBC Driver\OpenSSL64.DllA\libssl-3-x64.dll | 3.0.13 |
| C:\Program Files\Microsoft Power BI Desktop\bin\ODBC Drivers\Simba Netezza ODBC Driver\libssl-3-x64.dll | 3.0.13 |
| C:\Program Files\Microsoft Power BI Desktop\bin\ODBC Drivers\Simba QuickBooks ODBC Driver\LibCurl64.DllA\OpenSSL64.DllA\libssl-3-x64.dll | 3.0.13 |
| C:\Program Files\Microsoft Power BI Desktop\bin\ODBC Drivers\Simba QuickBooks ODBC Driver\OpenSSL64.DllA\libssl-3-x64.dll | 3.0.13 |
| C:\Program Files\Microsoft Power BI Desktop\bin\ODBC Drivers\Simba Trino ODBC Driver\OpenSSL64.DllA\libssl-3-x64.dll | 3.0.8 |
Not a single instance of SSL has been updated. I have been checking every release and I get the same result every time. All versions are older than 3.0.15.
I am not using Power BI myself; I am rather managing a few workstations. I cannot prevent Power BI users from using features either.
Could you please suggest the best way to reach out to Simba about this?
Hi @Mat91
The vulnerability CVE-2024-5535 related to the Power BI ODBC Simba drivers involves a known issue in the OpenSSL version used. Here are steps and recommendations for addressing the issue:
Steps to Address the Vulnerability:
Verify OpenSSL Version:
The OpenSSL version mentioned (less than 3.0.15) is outdated. Confirm the OpenSSL version in your environment by checking the DLL file in the path you provided:
C:\Program Files\Microsoft Power BI Desktop\bin\ODBC Drivers\Simba * ODBC Driver\libssl-3-x64.dll
If it's older than 3.0.15, this matches the vulnerability criteria.
Check for Updates or Patches:
Check if Microsoft has released a patch for Power BI Desktop that updates the underlying ODBC Simba driver or OpenSSL library.
Visit the Microsoft Power BI Release Notes or the specific Security Updates page to see if there’s an announcement regarding this CVE.
Manual Workaround: If no patch is available yet, you can manually replace the OpenSSL libraries in the ODBC Simba driver folder with a more recent version. However, be cautious:
Ensure you back up the current files.
Obtain the updated OpenSSL files (e.g., libssl-3-x64.dll and libcrypto-3-x64.dll) from a trusted source such as the official OpenSSL project.
Replace the files in the directory and test your Power BI Desktop to confirm it functions correctly.
Application Behavior:
Verify whether your specific usage of Power BI requires the OpenSSL API function SSL_select_next_proto. If this function is not actively utilized in your workflows, the vulnerability might not pose an immediate risk.
If unsure, consult with Microsoft support or your IT security team for further clarification.
Reach Out to Simba or Microsoft Support:
If no fixes are available, report this to Simba and Microsoft support teams. They can provide guidance on whether a patch is in development or any mitigation steps.
Consider Network Controls: In the interim, restrict access to the affected application or enforce SSL/TLS protocols through external controls to minimize the attack surface.
If this post helps, then please consider Accepting it as the solution to help the other members find it more quickly.
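The version check that the original post did by hand and that the "Verify OpenSSL Version" step above describes, as an added PowerShell example (not code from the thread or from Microsoft/Simba). It walks the ODBC Drivers folder, reads the version resource of every libssl-3-x64.dll and libcrypto-3-x64.dll, and flags anything on the 3.0 branch below the 3.0.15 threshold the thread cites; the root path and the threshold are taken from the thread, the function name and the exit-code convention are assumptions.

```powershell
# Added example: inventory the OpenSSL DLLs shipped with the Power BI Desktop Simba ODBC
# drivers and flag any 3.0.x build older than 3.0.15 (the fix version cited in the thread).
$Root      = 'C:\Program Files\Microsoft Power BI Desktop\bin\ODBC Drivers'
$FixedIn30 = [version]'3.0.15'   # threshold for the 3.0 branch, as stated in the thread

function Get-SimbaOpenSslInventory {
    param([string]$Path = $Root)

    Get-ChildItem -LiteralPath $Path -Recurse -File `
        -Include 'libssl-3-x64.dll', 'libcrypto-3-x64.dll' -ErrorAction SilentlyContinue |
    ForEach-Object {
        # OpenSSL's Windows build stamps the DLL's version resource with its release number,
        # which is what the file's Properties > Details tab shows.
        $vi  = $_.VersionInfo
        $raw = if ($vi.ProductVersion) { $vi.ProductVersion } else { $vi.FileVersion }
        $ver = $null
        if ($raw -and ($raw -match '^\d+\.\d+\.\d+')) { $ver = [version]$Matches[0] }

        $status = if (-not $ver) { 'Unknown (no version resource)' }
                  elseif ($ver.Major -eq 3 -and $ver.Minor -eq 0) {
                      if ($ver -lt $FixedIn30) { 'VULNERABLE (< 3.0.15)' } else { 'OK' }
                  }
                  else { 'Other branch: compare against the OpenSSL advisory' }

        # First folder under the root is the driver name, e.g. "Simba Hive ODBC Driver".
        $rel = $_.FullName.Substring($Path.Length).TrimStart('\')
        [pscustomobject]@{
            Driver  = ($rel -split '\\')[0]
            File    = $_.Name
            Version = $raw
            Status  = $status
            Path    = $_.FullName
        }
    }
}

$inventory = Get-SimbaOpenSslInventory
$inventory | Sort-Object Driver, Path | Format-Table Driver, File, Version, Status -AutoSize

# A non-zero exit code lets a compliance job or endpoint-management detection script fail on any hit.
$hits = @($inventory | Where-Object Status -like 'VULNERABLE*')
if ($hits.Count -gt 0) {
    Write-Warning "$($hits.Count) OpenSSL DLL(s) below 3.0.15 found under $Root"
    exit 1
}
exit 0
```

Re-run it after each Power BI Desktop update (or after the manual DLL replacement mentioned in the thread) to confirm no driver folder was reverted to an older build.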