Today EMC reported in ESA-2014-037 that the impact of the OpenSSL Heartbleed vulnerability (CVE-2014-0160) on Documentum Content Server is limited to:
- Fulltext query plugin used by the Content Server to communicate with the xPlore server;
- CAS plugin, used by the Content Server for CAS-based authentication.
The impacted environments are:
- Documentum Content Server (Linux platform only) 6.7 SP1 (P14-P26), 6.7 SP2 (P01-P12), 7.0 (P03-P13)
- Documentum Content Server (Windows 64, Linux, Solaris, AIX) 7.1 (base release – P03)
For these environments, EMC strongly recommends upgrading to one of the versions listed below at the earliest opportunity.
- EMC Documentum Content Server version 7.1 P04 and later
- EMC Documentum Content Server Linux version 7.0 P14 and later
- EMC Documentum Content Server Linux version 6.7 SP2 P13 and later
- EMC Documentum Content Server Linux version 6.7 SP1 P27 and later
After upgrading, it is strongly recommended to:
- Renew certificates
- Revoke old certificates
- Change passwords for CAS user accounts
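
To triage an inventory against the ranges above, here is an added example (not EMC's code and not part of the advisory). The platform labels, host names and inventory rows are constructed assumptions; the version ranges are the ones listed above.

```python
import re

# Affected ranges from the advisory text: release -> (platforms, first, last).
# Patch 0 stands for the base release; platform labels are this example's own.
AFFECTED = {
    "6.7 SP1": ({"linux"}, 14, 26),
    "6.7 SP2": ({"linux"}, 1, 12),
    "7.0": ({"linux"}, 3, 13),
    "7.1": ({"windows64", "linux", "solaris", "aix"}, 0, 3),
}

VERSION_RE = re.compile(r"^\s*(\d+\.\d+)(?:\s*(SP\d+))?(?:\s*P(\d+))?\s*$", re.I)

def parse_version(text):
    """Split '6.7 SP2 P05' into ('6.7 SP2', 5); no patch means base release (0)."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    base, sp, patch = m.groups()
    release = f"{base} {sp.upper()}" if sp else base
    return release, int(patch) if patch else 0

def triage(platform, version):
    """Return (status, note) for one Content Server install."""
    release, patch = parse_version(version)
    if release not in AFFECTED:
        return "not-listed", "release is not named in the advisory"
    platforms, first, last = AFFECTED[release]
    if platform.lower() not in platforms:
        return "not-listed", "platform is not named for this release"
    if patch < first:
        return "not-listed", f"patch is below the listed range P{first:02d}-P{last:02d}"
    if patch > last:
        return "fixed", f"at or above {release} P{last + 1:02d}"
    return "affected", f"upgrade to {release} P{last + 1:02d} or later"

# Constructed inventory rows (host, platform, version), for illustration only.
INVENTORY = [
    ("cs-prod-01", "linux", "6.7 SP2 P05"),
    ("cs-prod-02", "linux", "6.7 SP1 P27"),
    ("cs-test-01", "windows64", "7.0 P10"),
    ("cs-test-02", "aix", "7.1"),
]

def report(inventory=INVENTORY):
    return [(host, *triage(plat, ver)) for host, plat, ver in inventory]

if __name__ == "__main__":
    for host, status, note in report():
        print(f"{host:12} {status:10} {note}")
```

A "not-listed" result only means the install falls outside the ranges quoted above; hosts reported as "affected" or "fixed" still need the certificate and CAS password steps if they ever ran a listed patch level.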