erwin Data Modeler, erwin Mart Server, and the erwin Web Portal are NOT affected by the Heartbleed... - CA Technologies ERwin Knowledge Base
Description: ERwin Data Modeler, ERwin Mart Server, and the ERwin Web Portal are NOT affected by the Heartbleed security bug
The Mart server is not affected by the Heartbleed bug because we do not use the authentication module of OpenSSL on either the client or the server side. We use the tool only to download the certificate from the server.
The version of OpenSSL in ERwin DM is 0.98g, which is not affected by Heartbleed.
The tcnative-1.dll of Tomcat 7.0.1 (Mart) is at version 1.1.20, which is not affected. In addition, we do not use native mode for SSL; we use JSSE, which is not vulnerable.
Per the Web Portal:
We see no vulnerabilities inherent in MIMM which would be due to the OpenSSL Heartbleed vulnerability. In fact, Java does not use OpenSSL. Of course, Tomcat can be configured to use SSL, but the default configuration we ship uses the Java JSSE implementation and not the OpenSSL one. We do not ship OpenSSL directly. Thus, the determination must be made by the customer as to whether they have implemented SSL using OpenSSL. However, nothing inherent in the product and nothing delivered with the product has any such vulnerabilities.
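One way a customer could make that determination for their own Tomcat instance, as an added example (not CA's or the MIMM vendor's code): the script below classifies each TLS connector in a `server.xml` as JSSE or APR/OpenSSL and checks an OpenSSL version string against the Heartbleed-affected releases (1.0.1 through 1.0.1f). It assumes Tomcat 7 connector conventions; the sample `server.xml` and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"
JSSE_PROTOCOLS = {"org.apache.coyote.http11.Http11Protocol",
                  "org.apache.coyote.http11.Http11NioProtocol"}

# Constructed sample for illustration, not a shipped erwin or MIMM configuration.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" keystoreFile="conf/keystore.jks"
               protocol="org.apache.coyote.http11.Http11NioProtocol"/>
    <Connector port="9443" SSLEnabled="true" SSLCertificateFile="conf/server.crt"
               protocol="org.apache.coyote.http11.Http11AprProtocol"/>
    <Connector port="10443" SSLEnabled="true" protocol="HTTP/1.1"/>
  </Service>
</Server>
"""

def classify_tls_connectors(server_xml_text):
    """Map each TLS connector port to the TLS implementation it will use."""
    root = ET.fromstring(server_xml_text)
    # In Tomcat 7 the native library is only loaded when this listener is declared.
    apr_listener = any(l.get("className") == APR_LISTENER for l in root.iter("Listener"))
    result = {}
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, no TLS stack involved
        proto = conn.get("protocol", "HTTP/1.1")
        if proto == APR_PROTOCOL:
            impl = "APR/OpenSSL"
        elif proto in JSSE_PROTOCOLS:
            impl = "JSSE"
        elif proto == "HTTP/1.1":
            # Auto-select: APR is chosen only if the listener loads tcnative.
            impl = "APR/OpenSSL if tcnative loads" if apr_listener else "JSSE"
        else:
            impl = "unknown"
        result[conn.get("port")] = impl
    return result

def openssl_in_heartbleed_range(version):
    """True for OpenSSL releases 1.0.1 through 1.0.1f; 1.0.1g carries the fix."""
    return re.fullmatch(r"1\.0\.1[a-f]?", version.strip()) is not None

if __name__ == "__main__":
    for port, impl in classify_tls_connectors(SAMPLE_SERVER_XML).items():
        print(port, impl)
```

Any connector reported as APR/OpenSSL still needs the version of the OpenSSL build linked into the native library checked with `openssl_in_heartbleed_range`.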