OpenSSL "Heartbleed" Vulnerability


On April 8, 2014 HP, a vulnerability was notified of the CVE-2014-0160 non-HP site vulnerability (now known as "Heartbleed"). This vulnerability has garnered a substantial amount of media attention. See references section for link to National Vulnerability Database entry describing vulnerability in detail.


OpenSSL is used in some HP products to provide encryption and SSL services. HP is committed to delivering secure systems that effectively manage our invaluable customer and employee data. Upon knowledge of the "Heartbleed" vulnerability, HP teams began an aggressive and comprehensive review of all actively supported products.


HP takes Internet vulnerabilities seriously and works collaboratively through organizations like the Information Technology Information Sharing & Analysis Center (IT-ISAC), government agencies and industry partners to share information about the vulnerabilities and how to effectively address them. With regard to addressing the potential impact of the recently identified “Heartbleed” OpenSSL vulnerability, HP is closely examining our systems and sites for the vulnerability and performing remediation as needed to ensure this vulnerability is not exploited. Also, it should be noted that HP consistently employs security controls and procedures to protect against attacks that target our systems and networks


What can you do?


While we complete our investigation, this is a good opportunity to ensure security best practices are being followed:


Get the latest Enterprise Product information

Please visit this HP Support Center page and click the blue "Search" button.


Get the latest Consumer Product information

Visit Support & Troubleshooting and enter your product name or number.


Get the latest HP Software information

Visit the HP Security Products Blog.


Subscribe to HP real-time security information

You may subscribe to receive real-time updates from HP’s Software Security Response Team when updates are published to the centralized security bulletin archive.