Dear Valued Customer,
As you may have read in the news, a security flaw known as the “Heart Bleed Bug” could allow attackers to gain access to highly sensitive information, including usernames, passwords, credit card numbers, and other important data.
The good news is that CA Nimsoft Monitor and CA Nimsoft Monitor Snap are not vulnerable to the OpenSSL Heart Bleed attack.
What are the details?
The OpenSSL Heart Bleed bug vulnerability affects OpenSSL versions 1.0.1 through 1.0.1f (inclusive)
OpenSSL version 1.0.1g is NOT vulnerable and the OpenSSL 1.0.0 branch as well as the OpenSSL 0.9.8 branch are NOT vulnerable to the Heart Bleed attack.
CA Nimsoft Monitor and CA Nimsoft Monitor Snap use 1.0.0c which is on a branch that is NOT vulnerable to the Heart Bleed attack.
For customers under support, more information is available at:
Principal Product Manager, Nimsoft Monitor
Principal Software Engineer / Security, Nimsoft Monitor
Perhaps worth noting that those using the apache ump proxy might be vulnerable. Depending on their underlaying OS.While it's not really a part of Nimsoft Monitor, some might consider it since it's provided by Nimsoft.