Chris_Hackett

Investigating publicly disclosed OpenSSL Heartbleed vulnerability

Discussion created by Chris_Hackett Employee on Apr 11, 2014
Latest reply on Apr 11, 2014 by Chris_Hackett

Investigating publicly disclosed OpenSSL vulnerability

 

Issued: April 09, 2014

Updated: April 10.2014

 

CA Technologies is currently investigating an OpenSSL vulnerability, referred to as the “Heartbleed bug” that was publicly disclosed on April 7, 2014.  CVE identifier CVE-2014-0160 has been assigned to this vulnerability.  After reviewing our products, CA Technologies has confirmed that the majority of our product portfolio is unaffected. There are, however, several products that used vulnerable versions of OpenSSL 1.0.1 and consequently may be affected. CA Technologies will provide information about affected products and solutions as it becomes available.

 

These products may be affected:

CA ARCserve D2D for Windows 16.5 and 16.5SP1

CA ARCserve D2D for Linux 16.5 and 16.5SP1

CA ARCserve High Availability 16.5, 16.5SP1, 16.5SP2

CA ARCserve Replication 16.5, 16.5SP1, 16.5SP2

CA ARCserve Unified Data Protection (Release Candidate)

CA DataMinder r14.5, r14.51, r14.6 - Only the Client Network Agent (CNA) is potentially vulnerable.
   Network Boundary Agent (NBA) is NOT vulnerable.

CA eHealth 6.3.0.5 and newer (all platforms affected)

Layer 7 Gateway 8.1 Appliances (present in the Operating System, but NOT leveraged by the CA
   Gateway software)

CA Mobile Device Management 2014 Q1

CA XCOM Data Transport – Only Windows 64-bit platform is affected.

 

Note: At this time, no other CA Technologies products have been identified as potentially vulnerable.

 

This information will be published in the Vulnerability Alerts section of the CA Technologies Support Online site.

 

Change History

 

Version 1.0: Initial Release

Version 1.1: Added DataMinder

Version 1.2: Added ARCserve products, updated DataMinder info, updated eHealth info, updated MDM info.

 

If additional information is required, please contact CA Technologies Support at https://support.ca.com/.

 

If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team at vuln@ca.com.

 

CA Technologies Product Vulnerability Response Team PGP Key

Outcomes