Is Symantec Encryption Management Server vulnerable to the OpenSSL "Heartbleed" attack (CVE-2014-0160)?
search cancel

Is Symantec Encryption Management Server vulnerable to the OpenSSL "Heartbleed" attack (CVE-2014-0160)?

book

Article ID: 159160

calendar_today

Updated On:

Products

Encryption Management Server Gateway Email Encryption PGP Command Line PGP Encryption Suite PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK Desktop Email Encryption Drive Encryption Endpoint Encryption File Share Encryption

Issue/Introduction

Only OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) are affected by the "Heartbleed" bug (CVE-2014-0160). Versions below 1.0.1 (such as 0.9.8) are not affected.

 

Resolution

PGP Encryption Server (Symantec Encryption Management Server) includes the openssl package with version 0.9.8 which is not vulnerable to this attack.


 

Powered by Wolken Software