
Advisory: Cross-Protocol Attack on TLS Using SSLv2 (DROWN)

March 10, 2016 – Advisory: Cross-Protocol Attack on TLS Using SSLv2 (DROWN)

This advisory concerns the recently announced vulnerability CVE-2016-0800, aka DROWN, which is due to weaknesses in SSLv2. For more information, see https://drownattack.com. This vulnerability may be relevant to InterSystems customers as InterSystems products have the capability to utilize SSLv2.

SSLv2 is known to have weak security and it has long been recommended that it be disabled in installations. SSLv2 has always been disabled by default in all released versions of InterSystems products.

If your organization uses the default configuration for its instances, then no action is required. However, if your organization has enabled SSLv2 for any of its instances, then to eliminate this vulnerability you must disable it. This is especially critical if any instances share a private key. (Note that InterSystems always strongly discourages sharing private keys due to its inherent dangers.) Your organization’s administrators can use the Management Portal or the command line utilities to make the required modifications to SSL/TLS configurations of InterSystems product instances.
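To check for the shared-private-key condition noted above, administrators can compare public-key fingerprints across the certificates deployed on their instances. The script below is an added example, not InterSystems code; the function names and the certificate paths passed to it are assumptions, it needs the `openssl` command line tool, and paths must not contain whitespace.

```shell
#!/bin/sh
# Added example: report certificates that share one key pair.
# Certificates with the same public key necessarily share the private key,
# so an SSLv2-enabled instance using that key exposes every other instance.

# Print the SHA-256 fingerprint of a PEM certificate's public key
# (DER-encoded SubjectPublicKeyInfo). Returns non-zero if the file
# cannot be parsed as a certificate.
spki_fp() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -r \
        | cut -d' ' -f1
}

# For every key used by more than one certificate, print one line:
#   <fingerprint> <cert path> <cert path> ...
# Prints nothing when every certificate has its own key.
shared_keys() {
    for cert in "$@"; do
        fp=$(spki_fp "$cert") || {
            echo "skipping unreadable certificate: $cert" >&2
            continue
        }
        printf '%s %s\n' "$fp" "$cert"
    done | sort | awk '
        { count[$1]++; files[$1] = files[$1] " " $2 }
        END { for (k in count) if (count[k] > 1) print k files[k] }'
}

# Run directly with certificate paths as arguments, e.g. one per instance.
if [ "$#" -gt 0 ]; then
    shared_keys "$@"
fi
```

Any line of output identifies a key pair that is in use on more than one certificate; each instance listed there should be checked for SSLv2 and given its own key.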

If you have any questions regarding this alert, please contact the InterSystems Worldwide Response Center.
