Heartbleed OpenSSL vulnerability and eDirectory
This document (7014961) is provided subject to the disclaimer at the end of this document.
- OpenSSL 1.0.0 branch is NOT vulnerable
- OpenSSL 0.9.8 branch is NOT vulnerable
What is eDirectory\iManager\NMAS's exposure to this bug?
The good news is that eDirectory services and utilities are not affected by this vulnerability as it uses an earlier version of OpenSSL.
NTLS - eDirectory lays down and consumes OpenSSL from NTLS. The version of OpenSSL in our latest versions of NTLS (887 & 888) has not changed in 2 years and contains version 0.9.d which does not contain the vulnerability.
IDM (including Designer & Analyzer) consumes OpenSSL 0.9.8 so is also clear.
iMgr - uses JSSE from Java as the underlying SSL library so there is no impact here as well.
OES\SLES consumes OpenSSL 0.9.8
Sentinel and the platform agents: use OpenSSL 0.9.8 so are unaffected.
Operations Center: NOC: Not affected by OpenSSL HeartBleed Bug (7014895)
Access Manager: Heartbleed openssl vulnerability and NAM (7014878)
Self Service Password Reset: Heartbleed openssl vulnerability and SSPR (7014929)
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7014961
- Creation Date:24-APR-14
- Modified Date:27-MAY-15
- NovellNMAS (Modular Authentication Service)PKIS (Certificate Server)
Did this document solve your problem? Provide Feedback