Hi,
No problems.
It is an unfortunate, but true fact, that a number of the available vulnerability reporting tools merely query product/component versions and generate exceptions based on this data, rather than actually performing any tests to verify whether the vulnerability exists.
For example, there was a vulnerability announced earlier this year I think for OpenSSH regarding a buffer overflow vulnerability. As long as SBG is deployed and managed in the documented and supported ways (i.e you MUST NOT perform any modification to the included components or configuration outside of the UI or managed CLI functions) then it was not possible for the vulnerability to be exploited on SBG - despite vulnerability tools saying it was. Of course, this version of openSSH was patched as part of our engineering process anyway but it was not an exposed vulnerability on our platform.
Of course, any vulnerabilities that are exposed are triaged and fixed with extremely high priority but to my knowledge, again due to the secure implementation methods we have engineered into SBG, this has never occurred.
If you have specific queries regarding vulnerabilities, you can contact support for more indepth information regarding why SBG is not affected.
Hope that helps.
//ian