Symptom
On 11.04.2014 SAP published a Spotlight-News about the Heartbleed case:
Deficiencies in releases of OpenSSL libraries
https://service.sap.com/~sapidb/011000358700000308332014E/
AD-HOC SECURITY NOTIFICATION
Deficiencies in releases of OpenSSL libraries
SAP has received information about security deficiencies in some releases of OpenSSL libraries, used in a number of software products of different vendors. These deficiencies are referred to under the name of the "Heartbleed" vulnerability (CVE-2014-0160, see http://heartbleed.com). SAP security teams are in the process of investigating if products are possibly affected by the reported vulnerability. At the current state of investigations we have no indications that SAP NetWeaver and SAP HANA are affected.
SAP takes any security-related report very seriously. We will notify our customers appropriately as relevant new information on this topic becomes available.
We take the opportunity to remind you to increase the security of your SAP systems by installing the available security patches. For information on SAP's security notes and patches, please go to the SAP Security Notes page on the SAP Service Marketplace extranet at https://service.sap.com/securitynotes.
This Spotlight-News can be accessed here as well:
https://service.sap.com/securitynews
https://service.sap.com/securitynotes
https://service.sap.com/support
https://support.sap.com/home.html
If you have further question please open a standard customer case.
If no specific component is known, optionally component XX-SER-BO-SEC can be used.
Read more...
Keywords
CVE-2014-0160 Heartbleed OpenSSL , KBA , cve-2014-0160 , openssl , heartbleed , heartbleed cve-2014-0160 openssl , XX-SER-BOSEC , AGS SEC Backoffice , Bug Filed
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.