IBM Support

Is My Netcool Application Affected by the OpenSSL Heartbleed Vulnerability?

Technical Blog Post


Body

What is the OpenSSL Heartbleed Vulnerability?

Vulnerability CVE-2014-0160, also known as the OpenSSL Heartbleed bug, was announced on April 7, 2014. OpenSSL versions 1.0.1 to 1.0.1f and 1.0.2beta are affected. If you are using OpenSSL in your environment, you should remediate by moving to the fixed version of OpenSSL. Details are in the National Cyber Awareness System Vulnerability Summary for CVE-2014-0160.

Are IBM Tivoli Netcool applications affected by the Heartbleed Vulnerability?

Flash Notifications have been released for Netcool/OMNIbus, Netcool/OMNIbus GUI, Netcool/Impact, Tivoli Network Manager IP Edition, Netcool/OMNIbus Probes, Netcool Knowledge Library, Netcool/OMNIbus Gateways, and Netcool Performance Manager, all of which are NOT affected. The announcement for each product is listed below.

Tivoli Netcool/OMNIbus is not affected by the OpenSSL Heartbleed vulnerability (CVE-2014-0160)

Tivoli Netcool/OMNIbus GUI is not affected by the OpenSSL Heartbleed vulnerability (CVE-2014-0160)

Tivoli Netcool/Impact is not affected by the OpenSSL Heartbleed vulnerability (CVE-2014-0160) or the flush and reload CVE-2014-0076

Tivoli Network Manager IP Edition is not affected by the OpenSSL Heartbleed vulnerability (CVE-2014-0160)

Netcool/OMNIbus Probes unaffected by CVE-2014-0160 OpenSSL Heartbleed issue

Netcool/Knowledge Library is unaffected by OpenSSL Heartbleed vulnerability

All Tivoli Netcool/OMNIbus Gateways are NOT affected by the OpenSSL Heartbleed vulnerability (CVE-2014-0160) and NOT affected by the OpenSSL Flush + Reload vulnerability (CVE-2014-0076)

IBM Tivoli Netcool Performance Manager is not affected by the OpenSSL Heartbleed vulnerability (CVE-2014-0160)

Are my other IBM products affected by the Heartbleed Vulnerability?

A listing of all IBM products which are affected or are NOT affected is available at:

IBM Product Security Incident Response for OpenSSL Heartbleed (CVE-2014-0160)

UID

ibm11082175