The OpenSSL vulnerability announced on April 7, 2014, also referred to as the Heartbleed bug (CVE-2014-0160), gives hackers the opportunity to obtain the encryption keys used to secure content that is transmitted over SSL/TLS sessions.
How does this affect you as an STR Software customer? For the most part, you are not affected.
- The AventX product suite is NOT affected
- FAXCOM Anywhere fax hosting service is NOT affected
- The SFT (formerly BDS) appliance as part of AventX Mail SC is NOT affected
- AventX Mail SC (SFT) running on a Windows (IIS) is NOT affected
- AventX connection to EasyLink fax service is NOT affected
You can test your installation by going to this site and entering the URL of your SFT server:
Status of different OpenSSL versions:
- OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
- OpenSSL 1.0.1g is NOT vulnerable
- OpenSSL 1.0.0 branch is NOT vulnerable
- OpenSSL 0.9.8 branch is NOT vulnerable
More information can be found here:
Please feel free to contact us if you have questions or concerns at 1-800-804-7097 or 804-897-1600 option 3.