The world has been scrambling to understand and mitigate the effects of the HeartBleed SSL vulnerability.
HP has released information about which of its server management products are affected by HeartBleed.
The good news is that the following products are NOT affected.
- Virtual Connect
- Integrated Lights Out (iLO) 2, 3, 4
- HP Insight Control Server Provisioning
- System Management Homepage (SMH) HP-UX
- HP OneView
- Systems Insight Manager
- NonStop SSL
- iTP WebServer for NonStop Servers
- Onboard Administrator for NonStop Integrity Platforms
The following products ARE affected and as yet there are no fixes.
Check back with the linked security bulletins or sign up to get HP Security Bulletin alerts at http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
HP System Management Homepage (SMH) Linux and Windows
The following versions are affected: 7.1.2, 7.2, 7.2.1, 7.2.2, 7.3, 7.3.1
No fix as yet, no suggestion from HP as to what to do, best not to access it then unless on a secure and isolated private management network.
If you’ve deployed HP agents to all your servers and include the SMH as is the default, get ready, you’re going to have to update all of your servers, if you thought your impact was limited, think again!
HP Onboard Administrator (OA)
Versions 4.11 and 4.20 are affected, there is no fix as yet, the only current option is to downgrade your version.
HP Smart Update Manager (HP SUM)
Versions 6.0.0 through to 6.3.0 are affected, HP recommend limiting HP SUM usage to a secure and isolated private management network