Is OmniCenter vulnerable to the Heartbleed bug in OpenSSL?

Short Answer

The version of OpenSSL that OmniCenter uses IS NOT, and HAS NEVER BEEN, vulnerable to this exploit.

In April 2014, OpenSSL announced the existence of the CVE-2014-0160 bug (also known as Heartbleed) which is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

OmniCenter uses the Apache web server, which uses OpenSSL for encryption. However, the version of OpenSSL that OmniCenter uses is not, and never has been, vulnerable to this exploit.

In practice, the risk of this type of exploit for OmniCenter customers is very low anyway, as OmniCenter is typically deployed behind the customer firewall and is not publicly accessible to outside attackers. OmniCenter also includes intrusion prevention technology to dynamically respond to attempts to gain unauthorized access. Please see the OmniCenter Security page for more information.

If you have any concerns, please feel free to contact Netreo Support.