Technical Blog Post
Abstract
Is My Netcool Application Affected by the OpenSSL Heartbleed Vulnerability?
Body
What is the OpenSSL Heartbleed Vulnerability?
Vulnerability CVE-2014-0160 aka the OpenSSL Heartbleed bug was announced on April 7, 2014. OpenSSL versions 1.0.1 to 1.0.1f and 1.0.2beta are affected. It is advised that if you are using OpenSSL in your environment, you should remediate with the fixed version of OpenSSL. Details are at National Cyber Awareness System Vulnerability Summary for CVE-2014-0160
Are IBM Tivoli Netcool applications affected by the Heartbleed Vulnerability?
Flash Notifications have been released for Netcool/OMNIbus, Netcool/OMNIbus GUI, Netcool/Impact, Tivoli Network Manager IP Edition, Netcool/OMNIbus Probes, Netcool Knowledge Library, Netcool/OMNIbus Gateways, and Netcool Performance Manager which are NOT affected. Details on the announcement for each product are listed below.
Tivoli Netcool/OMNIbus is not affected by the OpenSSL Heartbleed vulnerability (CVE-2014-0160)
Tivoli Netcool/OMNIbus GUI is not affected by the OpenSSL Heartbleed vulnerability (CVE-2014-0160)
Netcool/OMNIbus Probes unaffected by CVE-2014-0160 OpenSSL Heartbleed issue
Netcool/Knowledge Library is unaffected by OpenSSL Heartbleed vulnerability
Are my other IBM products affected by the Heartbleed Vulnerability?
A listing of all IBM products which are affected or are NOT affected is available at
IBM Product Security Incident Response for OpenSSL Heartbleed (CVE-2014-0160)
UID
ibm11082175