How does the HeartBleed Bug impact the Boomi Platform (2014)

Document created by pete_mccoy1.3055586893899446E12 Employee on Apr 9, 2014Last modified by mike_aronson on Mar 20, 2017
Version 3Show Document
  • View in full screen mode
News of the Heartbleed Bug indicating that it impacts OpenSSL communication is causing concern for Boomi Atomsphere clients
Dell Boomi is aware of the Heartbleed ( vulnerability in the OpenSSL encryption and security platform utilized on workstations, servers, network devices, storage appliances and mobile devices. As soon as the heartbleed bug was identified, Dell Boomi immediately applied a patch to correct and prevent any potential security breaches.

Dell Boomi does run OpenSSL on systems throughout our infrastructure, however our production certificates and SSL traffic terminates on an appliance that has been verified by the hardware vendor to be unaffected by the Heartbleed vulnerability. Hence, external facing servers that handled customer traffic were unaffected by the Heartbleed vulnerability. Further, we have discovered no evidence that any Dell Boomi customers have been impacted by Heartbleed.
As a precaution, we have evaluated how Heartbleed could possibly affect Boomi AtomSphere and MDM and have taken the following steps to mitigate any potential issue.
Dell Boomi has scanned our public sites utilizing multiple tools to assure we are not at risk.

Dell Boomi is reissuing the certificates that our customers utilize, as a precautionary measure, although Dell Boomi is not externally vulnerable.
As of April 24, 2014 11:20 AM (EDT) all certificates have been re-issued

Dell Boomi has patched external facing servers, restarted services where necessary to unload any vulnerable software libraries.

Dell Boomi will update this article when the reissued certificates have been loaded. Once that is completed, Dell Boomi recommends that AtomSphere and MDM users to change their passwords as a precautionary measure.  Please see the Dell Boomi Reference Guide topic on password policy.

Dell Boomi shares our customers’ concerns about security and will continue to take all necessary measures to protect our customers’ data.

Please be advised that at no time were any customer facing sites affected by this. We were running an unaffected version of OpenSSL in production.