xMatters was recently notified of a vulnerability affecting certain versions of OpenSSL. xMatters is not susceptible to this vulnerability.
This vulnerability can only be exploited if both server and client are vulnerable. Since xMatters is not susceptible, there is no risk of exploitation should client systems have the vulnerability.
The CCS Injection vulnerability (CVE-2014-0224) could allow for a man-in-the-middle attack against an encrypted connection, making it possible for an attacker to intercept an encrypted data stream and allowing them to decrypt it, view and then manipulate this data. Due to the nature of this vulnerability, certificate key information is not at risk so there is no need to reissue keys or certificates.
For more information please see:
xMatters Cloud Operations Team
JDN-4705 Originally created by Nick DeSimone