Customer Security Notice on CVE-2014-0160 / OpenSSL ‰Heartbleed‰ Disclosure

The engineering team at Core Informatics has been working to assess the impact for our customers in the wake of April 7th‰’s disclosure ofOpenSSL CVE-2014-0160, known as‰Heartbleed‰.

Audit Results

Core Informatics public services are not impacted by a version of OpenSSL with the ‰Heartbleed‰ vulnerability. The Core Informatics website, license server, hosted CoreLims implementations were checked and tested for vulnerable versions of OpenSSL. Further, although Core Lims utilizes Amazon Web Services, our service is not served through productsthat were discovered to be vulnerable.

Further Resources for Heartbleed Help

Everyone deploying production services on the Internet is working to mitigate the effects of this vulnerability. Here is a quick roundup of resources we found useful in our response to this disclosure:

As always, if you have any questions about the security regarding your Core Lims implementation, contact us atinfo@coreinformatics.com. We‰’ll continue to monitor this issue as the community and vendors investigate this vulnerability further.

Leave a Comment