- Antivirus Connector for Clustered Data ONTAP
- NetApp Manageability SDK (5.0P1 and later)
- OnCommand Unified Manager Core Package (5.x only)
- OnCommand Workflow Automation (2.2RC1 and later)
- SMI-S Agent for Data ONTAP
- SMI-S Agent for E-Series
The Heartbleed Bug is serious security vulnerability in OpenSSL 1.0.1 releases prior to 1.0.1g, which allow remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read. This is due to a missing bounds check in the handling of the Transport Layer Security (TLS) heartbeat extension packets.
Until software fixes are issued for the affected products, NetApp recommends implementing Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS) products available from third parties to stop an attack.
NetApp will continue to update their advisory, entitled “NTAP-20140410-heartbleed”, as more information becomes available.