This is the latest documentation for BMC Helix Network Management (formerly known as Netreo).

 

Is there any exposure to the Heartbleed bug in OpenSSL?


 

Short Answer

No. The version of OpenSSL that BMC Helix Network Management uses IS NOT and HAS NEVER BEEN vulnerable to this bug.

In April 2014, OpenSSL announced CVE-2014-0160 (also known as Heartbleed), a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows an attacker to steal information that is normally protected by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM), and some virtual private networks (VPNs).

BMC Helix Network Management uses the Apache web server, which uses OpenSSL for encryption. However, the version of OpenSSL that BMC Helix Network Management uses is not, and never has been, vulnerable to Heartbleed.
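To check an OpenSSL version string yourself, the following added example (not BMC code) classifies the output of `openssl version`, or the OpenSSL token in an Apache Server header, against the upstream releases affected by CVE-2014-0160. The affected range (1.0.1 through 1.0.1f, plus 1.0.2-beta and 1.0.2-beta1) comes from the upstream OpenSSL advisory, not from this page, and the function names and sample banners are constructed for illustration.

```python
import re

# Matches "OpenSSL 1.0.1e-fips 11 Feb 2013" (openssl version) and
# "... OpenSSL/1.0.1e" (token in an Apache Server header).
_VERSION_RE = re.compile(r"OpenSSL[\s/]+(\d+\.\d+\.\d+)([a-z]*)(-[\w.]+)?")


def classify_openssl_banner(banner):
    """Classify a version banner against the upstream Heartbleed range.

    Returns "in-affected-range", "outside-affected-range" or "unrecognized".
    "in-affected-range" is not proof of exposure: distributions backported
    the fix without changing the upstream version string, and a build made
    with -DOPENSSL_NO_HEARTBEATS is not exposed. Confirm against the
    package changelog or vendor advisory in that case.
    """
    match = _VERSION_RE.search(banner)
    if not match:
        return "unrecognized"
    base, letter, suffix = match.group(1), match.group(2), match.group(3) or ""

    # 1.0.1 with no letter, or a single letter a..f; 1.0.1g carries the fix.
    if base == "1.0.1" and (letter == "" or (len(letter) == 1 and letter <= "f")):
        return "in-affected-range"
    # Only the first 1.0.2 pre-releases were affected.
    if base == "1.0.2" and letter == "" and suffix in ("-beta", "-beta1"):
        return "in-affected-range"
    # 0.9.8 and 1.0.0 never had the heartbeat code; later releases are fixed.
    return "outside-affected-range"


def audit(banners):
    """Map each banner to its classification."""
    return {banner: classify_openssl_banner(banner) for banner in banners}


if __name__ == "__main__":
    # Constructed sample banners, not taken from any BMC appliance.
    samples = [
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
        "OpenSSL 1.0.1g 7 Apr 2014",
        "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008",
        "Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.1c",
    ]
    for banner, verdict in audit(samples).items():
        print(f"{verdict:24} {banner}")
```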

In practice, the risk of this type of exploit for BMC Helix Network Management customers is very low anyway, as BMC Helix Network Management is typically deployed behind the customer firewall and is not publicly accessible to outside attackers. BMC Helix Network Management also includes intrusion prevention technology to dynamically respond to attempts to gain unauthorized access. Please see the Appliance Security page for more information.

If you have any concerns, please feel free to contact BMC Helix Support.

 

 
