Home > Blogs > VMware Security & Compliance Blog


VMware products and the Heartbleed OpenSSL issue, CVE-2014-0160

We have just posted VMware Knowledge Base article 2076225 with the results of our ongoing investigation into the Heartbleed OpenSSL issue. We will update the article during the investigation. VMware has products that ship with OpenSSL 1.0.1 and that are affected by the issue.

Customers are advised to review the article and direct any questions to VMware Support.

9 thoughts on “VMware products and the Heartbleed OpenSSL issue, CVE-2014-0160

  1. dave lewallen

    How is vShield impacted.

    1. Monty Ijzerman Post author

      vShield (a.k.a. vCNS) has been added to the KB at http://kb.vmware.com/kb/2076225.

  2. Kevin

    Is ESX 3.5.0 unaffected as well?

    1. Monty Ijzerman Post author

      Confirmed, ESXi/ESX 3.5 is unaffected.

  3. Pingback: VMware Newsletter 6.14 | VMware Newsletter

  4. Kasey Linden

    Does VMware have any mitigation strategies other than downgrading from vSphere 5.5 to 5.1?

  5. Pingback: New VMware Security Advisory VMSA-2014-0004 (Heartbleed) | VMware Security & Compliance Blog - VMware Blogs

  6. Max

    So… how long is it going to take for you to patch ESXi/Vcenter 5.5?

  7. Phillip

    ESXi 5.0.0 build 1489271 or vsphere client 5.0.0 build 455964 or vcenter server 5.0.0 build 913577? the list of affected is kind of confusing.

Comments are closed.