The OpenSSL-Vulnerability "Heartbleed" got a lot of media attention last week. And it is important to check your systems for any leaks or risks!Esri uses the OpenSSL-Libraries, and immediately tested all Online-systems and products.This Knowledge Base Technical Article lists all systems and products and how/if they are affected. Please read this article carefully and act as recommended.In summary - the risks are minor:
- Many Esri products and Online systems either do not use OpenSSL or in a way that exposes no risk
- All Online-Systems have been updated where necessary. Still - changing passwords from time to time is advised
- The Esri GlobalAccount-Systemis not affected
- SynerGIS WebOffice does not use OpenSSL
- ArcGIS for Server (Linux), when using Print Services and remote Publishing Services - there is an extra Knowledge Base Artikel (KB 42407) and a Patch is available for this
- All Web Gateways (NOT Esri Products!), like reverse Proxy Configurations or NAT, that use OpenSSL, have to be checked. Please refer to the information provided by the respective vendor
- Heartbleed.com
- FAQ forArcGIS for Server / Portal for ArcGIS and Heartbleed (CVE-2014-0160)