April 9, 2014 – InterSystems Security Notification: Heartbleed Bug
A security vulnerability in OpenSSL identified as CVE-2014-0160 and popularly known as “The HeartBleed Bug”, was made public on April 8, 2014 and has since been widely publicized. More information is available at http://heartbleed.com.
InterSystems products do ship with and use OpenSSL*, but no InterSystems product or version of Caché, Ensemble, or HealthShare include any of the vulnerable versions of OpenSSL*.
NO corrective steps are needed to protect InterSystems products against this vulnerability.
*OpenSSL versions 1.0.1 through 1.0.1f are vulnerable to this attack. The latest version of OpenSSL InterSystems distributes is 1.0.0e, which is not vulnerable to this attack.