SAP Products and OpenSSL Heartbleed

There has been a lot of discussion last week about CVE-2014-0160, also known as the Heartbleed vulnerability. For those unfamiliar with the vulnerability I recommend and, for a light hearted explanation, XKCD. Along with impacting a good chunk of the Internet it has also taken a toll on a number of products including those from Cisco, VMWare, and Oracle to name just a few. As you can imagine we have been watching the issue pretty closely and performing testing in our lab in order to better understand the impact, if any to SAP and its customers.  Here is our current understanding on the status of some of SAP's products:


Not Vulnerable

Unknown Status

On behalf of our customers and the SAP community in general we will continue to apply time and resources to investigating the impact of the Heartbleed vulnerability on SAP products.

Leave a comment