in System Administration

OpenSSL Heartbleed and SAP BusinessObjects

There has been a lot of media hype over the past few days about the recently discovered Heartbleed vulnerability in the OpenSSL libraries. Like our clients, we were concerned about the effect that this would have on SAP BusinessObjects or Tomcat. I’m happy to say that the official word from SAP as of today is that BusinessObjects is not affected.

SAP BusinessObjects Enterprise is not subject to the heartbleed vulnerability. In this release, an unaffected version of OpenSSL (version 0.9.8) is leveraged for streamworks integration only.

Furthermore, Tomcat using SSL is only affected if you enabled SSL using the Tomcat APR Native library. If Altek Solutions configured SSL on your system, we used JSSE — the default method which is not affected by Heartbleed.

For more information and to see the complete response from SAP Support, please refer to the SAP Note below.

2003582 – How does The Heartbleed Bug (OpenSSL vulnerability) affects SAP BusinessObjects Xi3.1 and Business Intelligence products 4/4.1

As always, Altek Solutions is dedicated to helping our clients deploy robust and secure SAP BusinessObjects solutions.  If you have any questions on the Heartbleed vulnerability or would like us to provide a security assessment on your system, feel free to email us at

Free Web Intelligence Best Practices Guide

We put together a Best Practices Guide for Web Intelligence Development that includes over 20 pages of tips and techniques for developing business-ready reports. Plus we'll show you the common functions that have a negative impact on performance, how to create interactive reports, the best ways to standardize look-and-feel, and much more!


Powered by ConvertKit

Write a Comment



  • SAP BusinessObjects and Poodlebleed | Altek Solutions Business Intelligence Blog

    […] the infamous Heartbleed bug earlier this year comes another security issue with SSL known as Poodlebleed. Unfortunately, this […]