The vulnerability affects libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
Details of the CVE can be found at: https://nvd.nist.gov/vuln/detail/CVE-2018-10933
Our Syslog-ng and Syslog-ng Store Box product doesn't use libssh at all, while One Identity Safeguard for Privileged Sessions is linked to this external package.
The usage of libssh on One Identity Safeguard for Privileged Sessions is limited and is only an external dependency of an internally used package, while the server side components are not used anywhere in the appliance therefore these products are NOT affected by the libssh vulnerability registered under the CVE-2018-10933 CVE Dictionary Entry ID.