OpenSSL Heartbleed and Documentum – Update – ESA-2014-037

Today EMC reported in ESA-2014-037 that the impact of the OpenSSL Heartbleed vulnerability (CVE-2014-0160) on Documentum Content Server is limited to:

  • Fulltext query plugin used by the Content Server to communicate with the xPlore server;
  • CAS plugin, used by the Content Server for CAS based authentication.

The impacted environments are:

  • Documentum Content Server (Linux platform only) 6.7 SP1 (P14-P26), 6.7 SP2 (P01-P12), 7.0 (P03-P13)
  • Documentum Content Server (Windows 64, Linux, Solaris, AIX) 7.1 (base release – P03)

For these environments, EMC strongly recommends upgrading to one of the versions listed below at the earliest opportunity:

  • EMC Documentum Content Server version 7.1 P04 and later
  • EMC Documentum Content Server Linux version 7.0 P14 and later
  • EMC Documentum Content Server Linux version 6.7 SP2 P13 and later
  • EMC Documentum Content Server Linux version 6.7 SP1 P27 and later

After the upgrade, it is strongly recommended to:

  • Renew certificates
  • Revoke old certificates
  • Change passwords for CAS user accounts

 
