Documentum and HeartBleed SSL Bug

In case you haven’t heard, most EMC products are NOT susceptible to the HeartBleed SSL vulnerability.  See the explanation and list in this KB article: OpenSSL Heartbeat Vulnerability (Heartbleed) in EMC products, https://support.emc.com/kb/185965.

So, the two Documentum products listed, D2 and eRoom, say they are “Not Impacted”; however, the details state “In progress”.  Does that mean testing is in progress, or a fix is in progress?  And what about other Documentum products like Content Server, Java Method Server, Webtop, Business Process Engine, xPlore…?  We already know that Syncplicity is affected, that ESA was issued yesterday, https://support.emc.com/kb/185966.

Stay tuned to the KB, EMC has promised updates.

UPDATE:  EMC has updated the list of non-impacted products in this KB article to include a much larger collection of Documentum products; none of which use OpenSSL and therefore are not vulnerable.

 

Advertisements

About Scott
I have been implementing Documentum solutions since 1997. In 2005, I published a book about developing Documentum solutions for the Documentum Desktop Client (ISBN 0595339689). In 2010, I began this blog as a record of interesting and (hopefully) helpful bits of information related to Documentum, and as a creative outlet.

One Response to Documentum and HeartBleed SSL Bug

  1. Pingback: Two New Documentum Security Issues | dm_misc: Miscellaneous Documentum Information

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: