SAP Knowledge Base Article - Preview

2004805 - Heartbleed (CVE-2014-0160) OpenSSL Vulnerability – Product related status and recommendations


On 11.04.2014 SAP published a Spotlight-News about the Heartbleed case:

Deficiencies in releases of OpenSSL libraries


Deficiencies in releases of OpenSSL libraries

SAP has received information about security deficiencies in some releases of OpenSSL libraries, used in a number of software products of different vendors. These deficiencies are referred to under the name of the "Heartbleed" vulnerability (CVE-2014-0160, see SAP security teams are in the process of investigating if products are possibly affected by the reported vulnerability. At the current state of investigations we have no indications that SAP NetWeaver and SAP HANA are affected.

SAP takes any security-related report very seriously. We will notify our customers appropriately as relevant new information on this topic becomes available.

We take the opportunity to remind you to increase the security of your SAP systems by installing the available security patches. For information on SAP's security notes and patches, please go to the SAP Security Notes page on the SAP Service Marketplace extranet at

This Spotlight-News can be accessed here as well:

If you have further question please open a standard customer case.
If no specific component is known, optionally component XX-SER-BO-SEC can be used.





CVE-2014-0160 Heartbleed OpenSSL , KBA , cve-2014-0160 , openssl , heartbleed , heartbleed cve-2014-0160 openssl , XX-SER-BOSEC , AGS SEC Backoffice , Bug Filed

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.