Skip to Content
0
Apr 10, 2014 at 10:51 AM

Does SAP BusinessObejcts Enterprise use OpenSSL anywhere?

272 Views

Hello Guru's,

As you may have heard, and the news that is making rounds of late is the “Open SSL vulnerability” called Heartbleed.

Open SSL is widely used across software industries and many of the products also embed OpenSSL.

The versions 1.0.1 through 1.0.1f (inclusive) are vulnerable, (the older versions, and the fixed version (1.0.1g) are not vulnerable).

We need to know if SAP BusinessObjects is embedding OpenSSL anywhere, and if yes, then what is the version of OpenSSL used.


This is and proactive step that we taking as in case of vulnerabilities, we need to communicate our customers, and also have them take Remedial measures.

As of now, please let me know the following information:

  1. Is OpenSSL being used in SAP BusinessObjects product (including older versions that are already shipped to customers)?
  2. If yes, what is its version?

PS: How does it manifest itself: The vulnerability allows a rogue attacker to get access to all your encrypted data, and retrieve all information you send over the network, including sensitive information like passwords. You may read it out of interest here: http://heartbleed.com/, http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html

Regards,

Abhay Bagalkoti