Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Business Intelligence and the OpenSSL "Heartbleed" vulnerability

former_member136842
Employee
Employee
‎04-11-2014 9:33 AM

Hello everyone,

maybe you are already aware of the critical security issue within the Open Source implementation of SSL called OpenSSL.

There is a critical Vulnerability that grants an attacker access to the Stream of Data between the Client and the Server even if the attacker has recorded the whole Data stream of the last two years (It has gone public that this critical issue is in the OpenSSL implementation for two years now). This is possible via 64 kb small "Ping" signal that travels between the Client and the Server to check if the connection still active. This "Ping" can be compromised to read the Private Key out of the Server Memory.

For more Information please check the following Web Site:

Heartbleed Bug

SAP BusinessObjects Enterprise XI 3.x is not affected from this Bug as it is using the older OpenSSL Libraries in the Version 0.9.8.

SAP Business Intelligence Platform 4.x is not affected from this Bug at is is using the RSA implementation of SSL.

OpenSSL Libraries in the Version 1.0.1 and 1.0.1f are effected.

SAP created the following Note for more information:

http://service.sap.com/sap/support/notes/2003582

Regards

-Seb.

2 Comments
Labels in this area
Popular Blog Posts