resources

April 9, 2014 – InterSystems Security Notification: Heartbleed Bug

A security vulnerability in OpenSSL identified as CVE-2014-0160 and popularly known as “The HeartBleed Bug”, was made public on April 8, 2014 and has since been widely publicized. More information is available at http://heartbleed.com.

InterSystems products do ship with and use OpenSSL*, but no InterSystems product or version of Caché, Ensemble, or HealthShare include any of the vulnerable versions of OpenSSL*.
NO corrective steps are needed to protect InterSystems products against this vulnerability.

If you have any questions regarding this, please contact InterSystems WRC by phone (+1 617-621-0700), e-mail
(Support@InterSystems.com), or web (WRC.InterSystems.com)

*OpenSSL versions 1.0.1 through 1.0.1f are vulnerable to this attack. The latest version of OpenSSL InterSystems distributes is 1.0.0e, which is not vulnerable to this attack.