Is Symantec Message Filter (SMF) or Symantec Messaging Gateway for Service Providers (SMG-SP) affected by the Heartbleed OpenSSL vulnerability (CVE-2014-0160)


Article ID: 159167


Updated On:


Messaging Gateway for Service Providers


Inquiries asking whether SMF or SMG-SP are affected by the "heartbleed" OpenSSL bug (CVE-2014-0160) that allows highly sensitive material such as primary key information to be accessed illicitly via a defect in the implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520).


SMF and SMG-SP are not affected by this vulnerability. Please note it's possible these products could be installed on systems where affected version of OpenSSL is deployed, this is beyond Symantec's control and support. Please ensure to install secure version of OpenSSL on your systems.

For other Symantec products, please see the subsequent support documents or teams for comment.