On July 9th 2015, the OpenSSL project released a Security Advisory. This advisory contained 1 security issue (CVE-2015-1793), which was given a severity rating of “high”.
The advisory lists OpenSSL 1.0.1n, 1.0.1o, 1.0.2b and 1.0.2c as being affected by this issue. These updates were released in June 2015.
VMware Security Response Center (vSRC) has investigated this issue and we can confirm that we have not shipped any products with these versions of OpenSSL. We can also confirm that our service offerings do not use them.
We have issued VMware Knowledge Base article 2124931 on this.
VMware has put safeguards in place to ensure upcoming product released will not ship with these versions of OpenSSL.