Customer Information Regarding the 'Heartbleed' Security Flaw
Recently, an OpenSSL security flaw was discovered that can be exploited to gain unauthorized access to the so-called 'volatile memory' of a web server. This software bug dubbed 'Heartbleed bug' – its official designation is CVE-2014-0160 – commands considerable media attention.
After the announcement of the 'Heartbleed Security Bug' Beta Systems has immediately checked all Data Center and Identity Access Management products. It has been found out that no application is affected.
Beta Systems DCI products are not affected by "Heartbleed".
In general, we recommend Unix operators to update their operating systems and other software applications that interact with our products as quickly as possible with the latest security patches available.
Beta Systems IAM products are not affected by "Heartbleed".
While we do use OpenSSL in our products to handle communication between the master courier and the agents, we utilize OpenSSL 1.0.0d. The versions affected by the Heartbleed bug, 1.0.1 up to sub-release 1.0.1f, are not used by Beta Systems. 'Heartbleed' does not compromise the security of your SAM, SAM BPW or Garancy products.
OpenSSL is not used on any of the websites of Beta Systems Software Group.