Informatica Customer Advisory (INF-2014-001)
The “Heartbleed Bug” has been widely reported in the news recently. The problem is caused by an issue in the popular OpenSSL cryptographic software library which is used in many software products. Any product which uses the affected version of OpenSSL is vulnerable to this bug. The issue has been fixed in a new version of OpenSSL (1.0.1g) was released and replacing the affected versions of OpenSSL with this new version to removes the issue from the software products.
The Informatica software and versions which use the affected version of OpenSSL are listed below and in the Knowledge Base article 173678.
- PowerCenter 9.6,9.6.1, 9.6.1 HF1
- Data Quality, Metadata Manager, Business Glossary, Data Explorer 9.6,9.6.1, 9.6.1 HF1
- PowerCenter Express 9.6
- Data Services 9.6,9.6.1, 9.6.1 HF1
- PowerExchange 9.6,9.6.1, 9.6.1 HF1 (non-mainframe sources only)
- Vibe Data Stream 2.0
- Data Archive Advanced Edition 6.2
- Data Replication 9.5.0 and 9.5.1
Earlier versions of products listed above are not impacted.
Informatica teams are working on a high priority effort to produce updates for the affected versions of the products as soon as possible. Please refer to the KB article as to the availability of the patches and the steps to apply them.
Frequently Asked Questions (FAQs) related to this advisory:
Q1: What is the “Heartbleed Bug”
A: OpenSSL security issue CVE-2014-0160 is popularly known as the “Heartbleed Bug”. It is caused by a issue introduced into certain versions the OpenSSL cryptographic software library which is used in many software products. Please refer to http://heartbleed.com for detailed information.
Q2: What is the scope of this advisory?
A: This advisory is applicable to several Informatica products which use the affected versions of OpenSSL. Please refer to Knowledge Base article 173678
Q3: How do I know if I can potentially encounter the issue?
A: Please refer to Informatica Knowledge Base article 173678 to get more details on the issue and how to identify if you might be impacted.
Q4: Is there a workaround or patch available for this issue? How can I be notified of an available patch?
A: Patches for the products will be released as soon as they are ready, please refer to Knowledge Base article 173678 for updates on the patchs. You can subscribe to KB updates using the steps below:
To receive an email notification when an article is updated, you can subscribe to it. To subscribe to an article, perform the following:
1. On the article view page, click the “Alert me” icon.
2. Enter your email address and click the Submit button.
Q5: Whom should I contact for additional questions?
A: For all questions related to this advisory, please contact your nearest Informatica Global Customer Support center: