DX Unified Infrastructure Management

  • Private Community
Back to discussions
Expand all | Collapse all

CA Nimsoft Monitor is Not Vulnerable to The OpenSSL Heart Bleed Bug

  • 1.  CA Nimsoft Monitor is Not Vulnerable to The OpenSSL Heart Bleed Bug

    Posted Apr 11, 2014 04:37 AM

    Dear Valued Customer,

     

    As you may have read in the news, a security flaw known as the “Heart Bleed Bug” could allow attackers to gain access to highly sensitive information, including usernames, passwords, credit card numbers, and other important data.

     

    The good news is that CA Nimsoft Monitor and CA Nimsoft Monitor Snap are not vulnerable to the OpenSSL Heart Bleed attack.

     

    What are the details?

     

    The OpenSSL Heart Bleed bug vulnerability affects OpenSSL versions 1.0.1 through 1.0.1f (inclusive)

     

    OpenSSL version 1.0.1g is NOT vulnerable and the OpenSSL 1.0.0 branch as well as the OpenSSL 0.9.8 branch are NOT vulnerable to the Heart Bleed attack.

     

    CA Nimsoft Monitor and CA Nimsoft Monitor Snap use 1.0.0c which is on a branch that is NOT  vulnerable to the Heart Bleed attack.

     

    For customers under support, more information is available at:

    https://na4.salesforce.com/articles/FrequentlyAskedQuestions/OpenSSL-Heartbleed-Vulnerability-is-NMS-affected-by-the-Heartbleed-virus-vulnerabilities?popup=true

     

    Best regards,

     

    Pete Zwetkof

    Principal Product Manager, Nimsoft Monitor

     

    Jim Burnes

    Principal Software Engineer / Security, Nimsoft Monitor



  • 2.  Re: CA Nimsoft Monitor is Not Vulnerable to The OpenSSL Heart Bleed Bug

    Posted Apr 11, 2014 09:34 AM

    Perhaps worth noting that those using the apache ump proxy might be vulnerable. Depending on their underlaying OS.
    While it's not really a part of Nimsoft Monitor, some might consider it since it's provided by Nimsoft.