Are Symantec Data Loss Prevention (DLP) releases affected by the “Heartbleed” OpenSSL vulnerability (CVE-2014-0160)?
Last Updated June 27, 2019
A defect in the TLS/DTLS implementations of OpenSSL 1.0.1 - 1.0.1f may allow an attacker to obtain sensitive data including private keys via the Heartbeat extension of OpenSSL.
Symantec Data Loss Prevention (DLP) releases are NOT affected, as these do not use OpenSSL versions that are susceptible to this defect.
Note: In the Symantec DLP 12.0 Third-Party License Agreements guide, "OpenSSL 1.0.1c" is mistakenly included in the list of 3rd party licenses for DLP. This release of OpenSSL is NOT included in v12 of DLP, and is not present in earlier releases.
Imported Document ID: TECH220285
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.