IBM Support

IBM Sametime Server CVE-2014-0160

Flash (Alert)


Abstract

Sametime Community Server version 9 HF1 is impacted by the CVE-2014-0160 Heartbleed vulnerability if configured to use an OpenSSL library. No other versions/servers of IBM Sametime are vulnerable to CVE-2014-0160.

Content

CVE-2014-0160 - Heartbleed Vulnerability
The default configuration of Sametime Community Server version 9 HF1 is not affected by the OpenSSL vulnerability.

However, if Sametime Community Server version 9 HF1 is configured to use Transport Layer Security (TLS), it uses a version of OpenSSL that is affected by this vulnerability.

The following Security Bulletin contains details and links to fixes for the various platforms:


This vulnerability does NOT impact any other IBM Sametime versions or servers. The SSL implementations used by IBM Sametime servers in all other editions and on all other platforms either do not use OpenSSL or use an OpenSSL version that is not affected by the issue.

Note: TLS support is not available when the Sametime Community Server runs on IBM i.

Document information

Software version: 6.5.1, 7.0, 7.5, 7.5.1, 7.5.1.1, 7.5.1.2, 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, 9.0.0.1

Operating system(s): AIX, IBM i, Linux, Windows

Reference #: 1670015

Modified date: 10 April 2014