There has been a lot of media hype over the past few days about the recently discovered Heartbleed vulnerability in the OpenSSL libraries. Like our clients, we were concerned about the effect that this would have on SAP BusinessObjects or Tomcat. I’m happy to say that the official word from SAP as of today is that BusinessObjects is not affected.
SAP BusinessObjects Enterprise is not subject to the heartbleed vulnerability. In this release, an unaffected version of OpenSSL (version 0.9.8) is leveraged for streamworks integration only.
Furthermore, Tomcat using SSL is only affected if you enabled SSL using the Tomcat APR Native library. If Altek Solutions configured SSL on your system, we used JSSE — the default method which is not affected by Heartbleed.
For more information and to see the complete response from SAP Support, please refer to the SAP Note below.
As always, Altek Solutions is dedicated to helping our clients deploy robust and secure SAP BusinessObjects solutions. If you have any questions on the Heartbleed vulnerability or would like us to provide a security assessment on your system, feel free to email us at firstname.lastname@example.org.
Free Web Intelligence Best Practices Guide
We put together a Best Practices Guide for Web Intelligence Development that includes over 20 pages of tips and techniques for developing business-ready reports. Plus we'll show you the common functions that have a negative impact on performance, how to create interactive reports, the best ways to standardize look-and-feel, and much more!
GET YOUR FREE COPY OF THE GUIDE TODAY!