000017409 - OpenSSL Heartbeat Vulnerability (Heartbleed) in RSA products

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4

Article Content

Article Number: 000017409
Applies To: OpenSSL, CVE-2014-0160, Heartbleed Vulnerability
Issue: OpenSSL Heartbeat Vulnerability (Heartbleed) in RSA products
Cause

EMC CONFIDENTIAL - SUBJECT TO CONFIDENTIALITY PROVISIONS IN LICENSE AGREEMENT


Issue: OpenSSL versions 1.0.1 through 1.0.1f are reported to be vulnerable to the Heartbeat vulnerability (CVE-2014-0160).


*Please note that Red Hat has updated packages, labeled with version openssl-1.0.1e-16.el6_5.7, that remediate this vulnerability.


https://rhn.redhat.com/errata/RHSA-2014-0376.html


https://access.redhat.com/site/solutions/781793
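
The upstream range and the Red Hat note above interact: the remediated Red Hat package still carries upstream version 1.0.1e, so a check on the OpenSSL version string alone flags a patched host. The following is an added example, not part of the RSA article or of any RSA or Red Hat tooling. The function names, the simplified release ordering and the sample package strings are assumptions constructed for illustration.

```python
import re

# Red Hat release the advisory names as remediated (fix backported onto 1.0.1e).
# Assumption: later el6 releases of the same package keep the fix.
RHEL6_FIXED_RELEASE = "16.el6_5.7"

def upstream_vulnerable(version):
    """True if an upstream OpenSSL version falls in 1.0.1 through 1.0.1f."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", version)
    if not m:
        raise ValueError(f"unrecognized OpenSSL version: {version!r}")
    base = (int(m[1]), int(m[2]), int(m[3]))
    # "" (plain 1.0.1) sorts before "a", so the letter range is one comparison.
    return base == (1, 0, 1) and m[4] <= "f"

def _release_key(release):
    """'16.el6_5.7' -> (16, 6, 5, 7). Simplified ordering, not full rpmvercmp."""
    return tuple(int(n) for n in re.findall(r"\d+", release))

def rhel6_package_status(nvr):
    """Classify a NAME-VERSION-RELEASE string (no arch suffix) from an el6 host,
    e.g. the output of: rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\\n' openssl"""
    m = re.fullmatch(r"openssl-([^-]+)-([^-]+\.el6[^-]*)", nvr)
    if not m:
        raise ValueError(f"not an el6 openssl package string: {nvr!r}")
    version, release = m[1], m[2]
    if not upstream_vulnerable(version):
        return "outside affected range"
    if _release_key(release) >= _release_key(RHEL6_FIXED_RELEASE):
        return "patched"
    return "vulnerable"

# Constructed sample inventory; only the 16.el6_5.7 build comes from the advisory.
SAMPLE_PACKAGES = [
    "openssl-1.0.1e-15.el6",
    "openssl-1.0.1e-16.el6_5.7",
    "openssl-1.0.0-27.el6",
]

if __name__ == "__main__":
    for pkg in SAMPLE_PACKAGES:
        print(f"{pkg:32} {rhel6_package_status(pkg)}")
```
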


References:


Original disclosure: http://heartbleed.com/


US CERT: http://www.kb.cert.org/vuls/id/720951


NVD: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160&cid=2

Resolution

Resolution: RSA is aware of this issue and is working with product organizations to investigate it and identify the impact. The impact of this vulnerability on RSA products may vary depending on the affected product.


This table will be updated as additional information becomes available.


| RSA Product Name | Versions | Impact |
|---|---|---|
| 3D Secure | ALL Supported | Impacted-Remediated |
| Access Manager | ALL Supported | No Impact |
| Adaptive Authentication Hosted | ALL Supported | No Impact |
| Adaptive Authentication On Prem | ALL Supported | No Impact |
| Archer | ALL Supported | No Impact |
| Authentication Manager | 5.x, 6.x, 7.x | No Impact |
| Authentication Manager | 8.x | Impacted |
| Aveksa | ALL Supported | No Impact |
| Aveksa StealthAUDIT | | No Impact |
| BSAFE | ALL Supported | No Impact |
| Data Loss Protection | ALL Supported | No Impact |
| Data Protection Manager | ALL Supported | No Impact |
| Digital Certificate Server | ALL Supported | No Impact |
| ECAT | ALL Supported | No Impact |
| enVision | ALL Supported | No Impact |
| Federated Identity Manager | ALL Supported | No Impact |
| FraudAction | ALL Supported | No Impact |
| Netwitness | 9.6, 9.7 | No Impact |
| Netwitness | 9.8.x | Impacted |
| RSA Live Infrastructure | ALL Supported | No Impact |
| SecurID 700 Hardware Token | ALL Supported | No Impact |
| SecurID 800 Hardware Token | ALL Supported | No Impact |
| SecurID Agent for PAM | ALL Supported | No Impact |
| SecurID Agent for UNIX | ALL Supported | No Impact |
| SecurID Agent for Web | ALL Supported | No Impact |
| SecurID Agent for Windows | ALL Supported | No Impact |
| SecurID Authentication Client | ALL Supported | No Impact |
| SecurID Authentication Engine | ALL Supported | No Impact |
| SecurID Authentication SDK | ALL Supported | No Impact |
| SecurID Software Token Converter | ALL Supported | No Impact |
| SecurID Software Token for Android | ALL Supported | No Impact |
| SecurID Software Token for Blackberry | ALL Supported | No Impact |
| SecurID Software Token for Desktop | ALL Supported | No Impact |
| SecurID Software Token for iPhone | ALL Supported | No Impact |
| SecurID Software Token for Windows Mobile | ALL Supported | No Impact |
| SecurID Software Token Toolbar | ALL Supported | No Impact |
| SecurID Software Token Web SDK | ALL Supported | No Impact |
| SecurID Transaction Signing SDK | ALL Supported | No Impact |
| Security Analytics | 10.0.x-10.2.x | Impacted |
| Security Analytics (Windows Legacy Collector) | 10.3.x | Impacted |
| Security Analytics | 10.3.x | No Impact |
| Web Threat Detection (Silvertail) | ALL Supported | No Impact |


 
Legacy Article ID: a65004
