Response to the OpenSSL (Heartbleed) Vulnerability
Last Updated: April 11, 2014
The CA Technologies Product Vulnerability Response Team has reviewed our product portfolio and confirmed that IdentityMinder does NOT utilize a vulnerable version of OpenSSL 1.0.1 ("Heartbleed").
IM Java components do not use OpenSSL libraries, we use the RSA JSafe libraries.
The Provisioning components use 0.9.8.x OpenSSL library which is not vulnerable.