There has been a lot of discussion last week about CVE-2014-0160, also known as the Heartbleed vulnerability. For those unfamiliar with the vulnerability I recommend heartbleed.com and, for a light hearted explanation, XKCD. Along with impacting a good chunk of the Internet it has also taken a toll on a number of products including those from Cisco, VMWare, and Oracle to name just a few. As you can imagine we have been watching the issue pretty closely and performing testing in our lab in order to better understand the impact, if any to SAP and its customers. Here is our current understanding on the status of some of SAP’s products:
- As posted on the SAP Community Network, SQL Anywhere Server, Mobilink Server, and Relay Server Outbound are vulnerable (http://scn.sap.com/community/sql-anywhere/blog/2014/04/11/openssl-heartbleed-and-sql-anywhere).