Investigating publicly disclosed OpenSSL vulnerability
Issued: April 09, 2014
Updated: April 10.2014
CA Technologies is currently investigating an OpenSSL vulnerability, referred to as the “Heartbleed bug” that was publicly disclosed on April 7, 2014. CVE identifier CVE-2014-0160 has been assigned to this vulnerability. After reviewing our products, CA Technologies has confirmed that the majority of our product portfolio is unaffected. There are, however, several products that used vulnerable versions of OpenSSL 1.0.1 and consequently may be affected. CA Technologies will provide information about affected products and solutions as it becomes available.
These products may be affected:
CA ARCserve D2D for Windows 16.5 and 16.5SP1
CA ARCserve D2D for Linux 16.5 and 16.5SP1
CA ARCserve High Availability 16.5, 16.5SP1, 16.5SP2
CA ARCserve Replication 16.5, 16.5SP1, 16.5SP2
CA ARCserve Unified Data Protection (Release Candidate)
CA DataMinder r14.5, r14.51, r14.6 - Only the Client Network Agent (CNA) is potentially vulnerable.
Network Boundary Agent (NBA) is NOT vulnerable.
CA eHealth 220.127.116.11 and newer (all platforms affected)
Layer 7 Gateway 8.1 Appliances (present in the Operating System, but NOT leveraged by the CA
CA Mobile Device Management 2014 Q1
CA XCOM Data Transport – Only Windows 64-bit platform is affected.
Note: At this time, no other CA Technologies products have been identified as potentially vulnerable.
This information will be published in the Vulnerability Alerts section of the CA Technologies Support Online site.
Version 1.0: Initial Release
Version 1.1: Added DataMinder
Version 1.2: Added ARCserve products, updated DataMinder info, updated eHealth info, updated MDM info.
If additional information is required, please contact CA Technologies Support at https://support.ca.com/.
If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team at firstname.lastname@example.org.