April 9, 2014 – InterSystems Security Notification: Heartbleed Bug
A security vulnerability in OpenSSL identified as CVE-2014-0160 and popularly known as “The HeartBleed Bug”, was made public on April 8, 2014 and has since been widely publicized. More information is available at www.heartbleed.com.
InterSystems products do ship with and use OpenSSL*, but no InterSystems product or version of Caché, Ensemble, or HealthShare include any of the vulnerable versions of OpenSSL*.
NO corrective steps are needed to protect InterSystems products against this vulnerability.
*OpenSSL versions 1.0.1 through 1.0.1f are vulnerable to this attack. The latest version of OpenSSL InterSystems distributes is 1.0.0e, which is not vulnerable to this attack.