What is the “HeartBleed” vulnerability?
The vulnerability (CVE-2014-0160) exploits a bug in OpenSSL’s implementation of TLS/DTLS heartbeat extension. It allows an attacker to read portions of system memory of affected systems including encryption keys, user names and passwords without using any privileged information or credentials.
More information at
What exactly is affected?
The vulnerability affects versions 1.0.1 and 1.0.2-beta of OpenSSL.
Are SSH Communications Security products affected?
SSH protocol/applications are not affected in general, for example OpenSSH is not affected.
Tectia SSH Client/Server/Connectsecure/MFT Events/z/OS are not affected.
Universal SSH Key Manager is indirectly affected
Customers using Universal SSH Key Manager have been informed individually