RSA Product Name | Versions | Impacted? | Details | Last Updated |
---|---|---|---|---|
3D Secure / Adaptive Authentication eCommerce | All Supported | Not Impacted | 7/14/2015 | |
Access Manager | All Supported | Not Impacted | AxM does not use or ship OpenSSL as part of the product | 7/13/2015 |
Adaptive Authentication Hosted | All Supported | Not Impacted | 7/14/2015 | |
Adaptive Authentication On-Prem | All Supported | Not Impacted | 7/14/2015 | |
Archer Hosted | N/A | Impacted | Archer Mobile application uses SQLite library which utilizes OpenSSL library containing the X509_verify_cert function. Based on RSA’s analysis, Archer application is not believed to be exploitable as it does not use this function directly. | 7/20/2015 |
Archer Platform | All Supported | Impacted | Archer Mobile application uses SQLite library which utilizes OpenSSL library containing the X509_verify_cert function. Based on RSA’s analysis, Archer application is not believed to be exploitable as it does not use this function directly. | 7/20/2015 |
Archer SecOps | All Supported | Impacted | Archer Mobile application uses SQLite library which utilizes OpenSSL library containing the X509_verify_cert function. Based on RSA’s analysis, Archer application is not believed to be exploitable as it does not use this function directly. | 7/20/2015 |
Archer Vulnerability & Risk Manager (VRM) | All Supported | Impacted | Archer Mobile application uses SQLite library which utilizes OpenSSL library containing the X509_verify_cert function. Based on RSA’s analysis, Archer application is not believed to be exploitable as it does not use this function directly. | 7/20/2015 |
Authentication Manager Software Platform | 7.1.4 | Not Impacted | AM 7.1.4 does not use OpenSSL | 7/10/2015 |
Authentication Manager Appliance | 3.0.4 | Not Impacted | AM 3.0.4 does not use a vulnerable version of OpenSSL | 7/10/2015 |
Authentication Manager Appliance | 8.1.1 | Not Impacted | AM 8.1.1 does not use a vulnerable version of OpenSSL | 7/10/2015 |
Authentication Manager Express | 1.0 | Not Impacted | 7/15/2015 | |
BSAFE: MES | All Supported | Not Impacted | 7/13/2015 | |
BSAFE: SSL-C | All Supported | Not Impacted | 7/13/2015 | |
BSAFE: SSL-J | All Supported | Not Impacted | 7/13/2015 | |
Data Loss Prevention | 9.5.x & 9.6.x | Not Impacted | The affected OpenSSL versions are not shipped with DLP | 7/15/2015 |
Data Protection Manager | All Supported | Not Impacted | DPM uses OpenSSL 0.9.8 which is not affected by this issue | 7/14/2015 |
DCS: Certificate Manager | All Supported | Not Impacted | Certificate Manager does not use OpenSSL | 7/13/2015 |
DCS: Validation Manager | All Supported | Not Impacted | Validation Manager does not use OpenSSL | 7/13/2015 |
ECAT | All Supported | Not Impacted | ECAT does not use OpenSSL for certificate chain verification | 7/14/2015 |
enVision | All Supported | Not Impacted | enVision does not use OpenSSL | 7/10/2015 |
Federated Identity Manager | All Supported | Not Impacted | AxM does not use or ship OpenSSL as part of the product | 7/13/2015 |
FraudAction | All Supported | Investigating | 7/10/2015 | |
IMG (Aveksa) MyAccess Live | All Supported | Not Impacted | 7/14/2015 | |
IMG (Aveksa) On-Prem Platform | All Supported | Not Impacted | 7/14/2015 | |
IMG (Aveksa) Appliance | All Supported | Not Impacted | Appliance ships with SUSE which includes OpenSSL, however this issue does not apply to SUSE | 7/14/2015 |
IMG (Aveksa) StealthAudit | All Supported | Not Impacted | 7/14/2015 | |
Netwitness | 9.8.x | Not Impacted | Netwitness runs on centOS 6 which is based on RHEL6, and RHEL6 is not vulnerable as per RedHat | 7/10/2015 |
Netwitness Informer | 2.0 | Not Impacted | Informer does not use vulnerable OpenSSL library | 7/13/2015 |
Netwitness Spectrum | 1.1 | Not Impacted | Netwitness runs on centOS 6 which is based on RHEL6, and RHEL6 is not vulnerable as per RedHat | 7/10/2015 |
RSA Central | All Supported | Investigating | 7/10/2015 | |
RSA Live Infrastructure | All Supported | Not Impacted | SA Live runs on centOS 6 which is based on RHEL6, and RHEL6 is not vulnerable as per RedHat | 7/13/2015 |
SecurID Agent for PAM | All Supported | Not Impacted | Agent does not use OpenSSL or do certificate verification | 7/15/2015 |
SecurID Agent for Web | All Supported | Not Impacted | Agent does not use OpenSSL or do certificate verification | 7/15/2015 |
SecurID Agent for Windows | All Supported | Not Impacted | Agent does not use OpenSSL or do certificate verification | 7/15/2015 |
SecurID Authentication Engine | All Supported | Not Impacted | SAE does not use OpenSSL or do certificate verification | 7/15/2015 |
SecurID Authentication SDK | All Supported | Not Impacted | SDK does not use OpenSSL or do certificate verification | 7/15/2015 |
SecurID Software Token Converter | All Supported | Not Impacted | Token Converter does not use OpenSSL or do certificate verification | 7/15/2015 |
SecurID Software Token for Android | All Supported | Not Impacted | Software Token for Android does not use OpenSSL | 7/20/2015 |
SecurID Software Token for Blackberry | All Supported | Impacted | Software Token for Android uses OpenSSL but does not utilize the vulnerable X509 certificate validation. Based on RSA’s analysis, the product is not believed to be exploitable. | 7/20/2015 |
SecurID Software Token for Desktop | All Supported | Investigating | 7/10/2015 | |
SecurID Software Token for iPhone | All Supported | Not Impacted | Software Token for iPhone does not use OpenSSL | 7/20/2015 |
SecurID Software Token for Windows Mobile | All Supported | Investigating | 7/10/2015 | |
SecurID Software Token Toolbar | All Supported | Investigating | 7/10/2015 | |
SecurID Software Token Web SDK | All Supported | Investigating | 7/10/2015 | |
SecurID Transaction Signing SDK | All Supported | Investigating | 7/10/2015 | |
Security Analytics Platform Physical and Virtual Appliances | 10.0.x-10.5.x | Not Impacted | SA runs on centOS 6 which is based on RHEL6, and RHEL6 is not vulnerable as per RedHat | 7/10/2015 |
Security Analytics Malware Analytics | 10.0.x-10.5.x | Not Impacted | SA runs on centOS 6 which is based on RHEL6, and RHEL6 is not vulnerable as per RedHat | 7/10/2015 |
Security Analytics Malware Cloud | N/A | Not Impacted | MA Cloud runs on centOS 6 which is based on RHEL6, and RHEL6 is not vulnerable as per RedHat | 7/13/2015 |
Security Analytics (Windows Legacy Collector) | 10.0.x-10.5.x | Not Impacted | Windows Legacy Collector does not use vulnerable OpenSSL library | 7/13/2015 |
Security Analytics Warehouse (DCA Pivotal) | Not Impacted | Warehouse runs on centOS 6 which is based on RHEL6, and RHEL6 is not vulnerable as per RedHat | 7/13/2015 | |
Security Analytics Warehouse (MapR) | Not Impacted | Warehouse runs on centOS 6 which is based on RHEL6, and RHEL6 is not vulnerable as per RedHat | 7/13/2015 | |
Web Threat Detection (SilverTail) | All Supported | Not Impacted | WTD runs on centOS 6 which is based on RHEL6, and RHEL6 is not vulnerable as per RedHat | 7/13/2015 |