Is Symantec Messaging Gateway (SMG) affected by the Heartbleed OpenSSL vulnerability (CVE-2014-0160)

book

Article ID: 159157

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

Inquiries asking whether the Symantec Messaging Gateway is affected by the "heartbleed" OpenSSL bug (CVE-2014-0160) that allows highly sensitive material such as primary key information to be accessed illicitly via a defect in the implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520).

Resolution

Symantec Messaging Gateway is not affected by this vulnerability, as it doesn't run an OpenSSL version that is susceptible to this defect.

For other Symantec products, please see the subsequent support documents or teams for comment.