Views:

What Trend Micro products are affected?

Product/Version	Component Affected	Severity	Solution/Additional Information
Deep Security 8.0, 9.0	Deep Security Relay (DSR)	Very Low	Critical Patch
SafeSync for Enterprise 2.1	Windows Client	NA	Critical Patch
Serverprotect for Linux (SPLX) 3.0	Admin UI	Very Low	Critical Patch
Endpoint Application Control (TMEAC) 1.0	Apache Tomcat web server package	Low	Critical Patch
Portable Security (TMPS) 2.0	Remote Communication Module	Low	Critical Patch
House Call 8.0	SmartScan	Very Low	Fixed through ActiveUpdate (AU)
InterScan Messaging Security Suite (IMSS) for Linux 7.1 SP1	SmartScan	Very Low	Critical patch will be released on May 15
InterScan Messaging Security Virtual Appliance (IMSVA) 8.5 and 8.5 SP1	SmartScan	Very Low	Critical patch will be released on May 15
OfficeScan (OSCE) 11.0*	SmartScan	Very Low	Critical Patch
Titanium 7.0 and 7.2	SmartScan	Very Low	Fixed via Active Update (AU)
Worry Free Business Security (WFBS) 9.0*	SmartScan	Very Low	Repacked full installer as well as Critical Patch 1439

Affected only if the server is configured to use SmartScan as the default scan method. When traditional scan is used, the product is not affected by the vulnerability.

What Trend Micro products are not affected?

Product	Version	Affected?	Notes
Advanced Reporting and Management (ARM)	1.0, 1.5, 1.6	No	Not using OpenSSL 1.01~1.01f
Case Diagnostic Tool (CDT)	2.0, 2.6	No	Not using OpenSSL
Core Protection Module (CPM)	1.6, 10.5, 10.6, 10.6 SP1, 10.6 SP2	No	Not using OpenSSL 1.01~1.01f
Core Protection Module (CPM) for Mac	1.1	No	Not using OpenSSL 1.01~1.01f
CSC (Stargate)	6.6	No	Not using OpenSSL 1.01~1.01f
DDA (Deep Discovery Advisor)	2.95, 3.0, 3.0 SP1, 3.1	No	Not using OpenSSL 1.01~1.01f
DDI (Deep Discovery Inspector)	3.0, 3.1, 3.2, 3.5, 3.6	No	Not using OpenSSL 1.01~1.01f
Deep Edge 300	1.5, 2.0, 2.1	No	Not using OpenSSL 1.01~1.01f
Deep Security for Web Apps	2	No	Not using OpenSSL
Data Loss Prevention (DLP)	3.1, 5.0, 5.2, 5.5, 5.6, 5.7	No	Not using OpenSSL 1.01~1.01f
Email Security Platform for Service Providers - White Label	3	No	Not using OpenSSL 1.01~1.01f
eManager	5.22, 5.5, 5.7, 6, 6.6, 6.7	No	Not using OpenSSL
eManager(V6.8+)	6.8, 7.0, 7.1, 7.5	No	Not using OpenSSL 1.01~1.01f
Facebook Privacy Scan App (FPSA)		No	Not using OpenSSL 1.01~1.01f
Hosted Email Security (IMHS)	1.9, 2.0	No	Not using OpenSSL 1.01~1.01f
HouseCall	7.1	No	Not using OpenSSL
HouseCall_OEM	7.1 JP	No	Not using OpenSSL
InterScan Gateway Security Appliance (IGSA)	1.5(TW, JP)	No	Not using OpenSSL 1.01~1.01f
IM Security	1.5, 1.51	No	Not using OpenSSL
InterScan Messaging Security Appliance (IMSA)	7	No	Not using OpenSSL 1.01~1.01f
InterScan Messaging Security Suite (IMSS)	7.0, 7.0 SP1,7.1, 7.1 SP1 Win	No	Not using OpenSSL 1.01~1.01f
InterScan Messaging Security Virtual Appliance (IMSVA)	7.0, 8.0, 8.2	No	Not using OpenSSL 1.01~1.01f
ISSS (Integrated Smart Scan Server)	1	No	Not using OpenSSL 1.01~1.01f
InterScan VirusWall (ISVW)	7	No	Not using OpenSSL 1.01~1.01f
ISVW for SMB	7	No	Not using OpenSSL 1.01~1.01f
iTIS	2	No	Not using OpenSSL
iTIS	3	No	Not using OpenSSL
iTMMS	1	No	Not using OpenSSL 1.01~1.01f
InterScan Web Security Appliance (IWSA)	3.1 SP1	No	Not using OpenSSL 1.01~1.01f
InterScan Web Security as a Service (IWSaaS)	1.8	No	Not using OpenSSL 1.01~1.01f
InterScan Web Security Suite (IWSS)	3.1	No	Not using OpenSSL 1.01~1.01f
InterScan Web Security Virtual Appliance (IWSVA)	5.0, 5.1, 5.5, 5.6, 6.0(EN)	No	Not using OpenSSL 1.01~1.01f
Licensing Management Portal (LMP)		No	Not using OpenSSL
Network VirusWall Enforcer (NVWE)	1.3(JP), 1.8(JP), 2.0 & SP1 ,3.0, 3.1(EN), 3.2(EN, JP)	No	Not using OpenSSL 1.01~1.01f
OfficeScan (OSCE)	8.0 SP1, 10, 10 SP1, 10.5, 10.6, 10.6 SP1, 10.6 SP2, 10.6 SP3	No	Not using OpenSSL 1.01~1.01f
OfficeScan (OSCE) Toolbox	1	No	Not using OpenSSL 1.01~1.01f
PortalProtect	2.0, 2.1	No	Not using OpenSSL
PortalProtect	2.0, 2.1	No	Not using OpenSSL
ProtectLink	1	No	Not using OpenSSL 1.01~1.01f
Rootkit Buster		No	Not using OpenSSL
SafeSync	5	No	Not using OpenSSL 1.01~1.01f
SafeSync for Business	5.1	No	Not using OpenSSL 1.01~1.01f
SafeSync for xSP	2	No	Not using OpenSSL 1.01~1.01f
SafeSync Mobile	1.2	No	Not using OpenSSL 1.01~1.01f
ScanMail for Exchange (SMEX)	10, 10 SP1, 10.2, 10.2 SP2, 11	No	Not using OpenSSL
ScanMail for IBM Domino (SMID)	5.6	No	Not using OpenSSL 1.01~1.01f
ScanMail for Lotus Domino (SMLD)	3.0, 3.1, 5.0, 5.5	No	Not using OpenSSL 1.01~1.01f
ScanMail Mobile Security for Exchange (SMMS)	1	No	Not using OpenSSL
SecureCloud	2.0, 3.0, 3.5, 3.6	No	Not using OpenSSL 1.01~1.01f
ServerProtect Windows/Netware (SPNT)	5.7, 5.8	No	Not using OpenSSL
Smart Protection Server (SPS)	3.0	No	Not using OpenSSL 1.01~1.01f
Smart Surfing	1.6	No	Not using OpenSSL
Threat Discovery Appliance (TDA)	2, 2.5, 2.55, 2.6	No	Not using OpenSSL 1.01~1.01f
Titanium/TIS	Titanium (6.x/5.x/3.x/2.x), TIS(17.x/16.x)	No	Not using OpenSSL 1.01~1.01f
Control Manager (TMCM)	5.5, 6.0, 6.0 SP1	No	Not using OpenSSL 1.01~1.01f
TMDP (Direct Pass)	1.36, 1.8, 1.9	No	Not using OpenSSL
Endpoint Encryption (TMEE)	5.5, 5.6, 5.7, 5.8	No	Not using OpenSSL
Endpoint Encryption (TMEE) Data Armor	3.0, 5.0	No	Not using OpenSSL
Endpoint Encryption (TMEE) Drive Armor	3.0, 5.0	No	Not using OpenSSL
Endpoint Encryption (TMEE) File Armor	3.0, 5.0	No	Not using OpenSSL
Endpoint Encryption (TMEE) Key Armor	3.0, 5.0	No	Not using OpenSSL
Endpoint Encryption (TMEE) Policy Server	3.1, 5.0	No	Not using OpenSSL
Trend Micro Email Encryption Gateway (TMEEG)	5, 5.5	No	Not using OpenSSL 1.01~1.01f
Information Center (TMIC)	2.5	No	Not using OpenSSL 1.01~1.01f
Mobile Backup and Restore (MBR)	1.2, 1.3.1, 1.4	No	Not using OpenSSL 1.01~1.01f
Mobile Security (TMMS) for Cellcom	2.1	No	Not using OpenSSL 1.01~1.01f
Mobile Security (TMMS) for Consumer	1.2, 2.0, 2.1, 2.2, 2.5, 2.6, 3.0, 3.1, 3.5, 5.05	No	Not using OpenSSL
Mobile Security (TMMS) for Enterprise	5.0, 5.1,5.5, 7.0, 7.1, 8.0, 9.0	No	Not using OpenSSL 1.01~1.01f
Mobile Security (TMMS) for KDDI	2.0, 2.1	No	Not using OpenSSL
Mobile Security (TMMS) for NTTW	2.0, 2.0.1	No	Not using OpenSSL
Mobile Security (TMMS) for OEM	2.1, 2.1.1, 2.2, 3.1, 3.5	No	Not using OpenSSL
Online Guardian (TMOG)	1.0, 1.5, 1.6,1.8	No	Not using OpenSSL
Online Guardian (TMOG)-Server	1	No	Not using OpenSSL
Trend Micro Kids Safety Protection for PS3	1	No	Not using OpenSSL
Trend Micro Longevity	3	No	Not using OpenSSL
Trend Micro Web Security for PS3	1	No	Not using OpenSSL
Trend Secure - My Account		No	Not using OpenSSL 1.01~1.01f
Worry-Free Business Security Standard/Advanced (WFBS)	5.1, 6.0, 7.0, 8.0	No	Not using OpenSSL 1.01~1.01f
WFMS	2	No	Not using OpenSSL 1.01~1.01f
Worry-Free Remote Manager (WFRM)	2.5, 2.6, 3.0, 3.1	No	Not using OpenSSL 1.01~1.01f

What if my product is not listed?

If the product has not reached End-of-Support, it is most likely that Trend Micro is still analyzing the vulnerability and it’s impact on your product. As soon as the analysis is completed, the product will be added in the list.

What if I have additional questions?

For additional inquiries, contact Trend Micro Technical Support.

Keywords: Heartbleed bug,heart bleed vulnerability, OpenSSL 1.0.1 Vulnerability

Trend Micro products and the Heartbleed Bug - [CVE-2014-0160] OpenSSL 1.0.1 Vulnerability

Product / Version includes:

ServerProtect for Microsoft Windows/Novell NetWare5.8 , Interscan Web Security Virtual Appliance6.5

Last updated: 2021/10/10

Solution ID: KA-0004086

Category: Troubleshoot

Summary

What is Heartbleed?

The Heartbleed bug is a serious vulnerability in the popular OpenSSL cryptographic software library. OpenSSL is an implementation of the SSL/TLS encryption protocol used to protect the privacy of Internet communications. OpenSSL is used by many web sites and other applications such as email, instant messaging and VPNs.
Heartbleed allows an attacker to read the memory of systems using certain versions of OpenSSL, potentially allowing them to access usernames, password, or even the secret security keys of the server. Obtaining these keys can allow malicious users to observe all communications on that system, allowing further exploit.

Who is impacted by Heartbleed?

Given that this vulnerability has existed for at least two years, an organization that has deployed servers running OpenSSL versions 1.0.1 through 1.0.1f in that period is likely vulnerable to the Heartbleed Bug and should take immediate steps to remediate.

While there are some initial reports of attacks based on the Heartbleed vulnerability, these are preliminary reports and it should be noted that it is very difficult to determine if this attack has occurred in the past. Accordingly, even if an organization is not currently vulnerable, it may have been in the past and it should therefore take immediate steps to remediate if they have deployed the vulnerable OpenSSL versions.

Because some of Trend Micro’s products are using the affected OpenSSL version, these products are affected by this vulnerability. This article contains the list of products that are affected and the recommended action to take to eliminate the risks. Also included in this article is a list of products that are not affected by this vulnerability.

What Trend Micro products are affected?

Product/Version	Component Affected	Severity	Solution/Additional Information
Deep Security 8.0, 9.0	Deep Security Relay (DSR)	Very Low	Critical Patch
SafeSync for Enterprise 2.1	Windows Client	NA	Critical Patch
Serverprotect for Linux (SPLX) 3.0	Admin UI	Very Low	Critical Patch
Endpoint Application Control (TMEAC) 1.0	Apache Tomcat web server package	Low	Critical Patch
Portable Security (TMPS) 2.0	Remote Communication Module	Low	Critical Patch
House Call 8.0	SmartScan	Very Low	Fixed through ActiveUpdate (AU)
InterScan Messaging Security Suite (IMSS) for Linux 7.1 SP1	SmartScan	Very Low	Critical patch will be released on May 15
InterScan Messaging Security Virtual Appliance (IMSVA) 8.5 and 8.5 SP1	SmartScan	Very Low	Critical patch will be released on May 15
OfficeScan (OSCE) 11.0*	SmartScan	Very Low	Critical Patch
Titanium 7.0 and 7.2	SmartScan	Very Low	Fixed via Active Update (AU)
Worry Free Business Security (WFBS) 9.0*	SmartScan	Very Low	Repacked full installer as well as Critical Patch 1439

Affected only if the server is configured to use SmartScan as the default scan method. When traditional scan is used, the product is not affected by the vulnerability.

What Trend Micro products are not affected?

Product	Version	Affected?	Notes
Advanced Reporting and Management (ARM)	1.0, 1.5, 1.6	No	Not using OpenSSL 1.01~1.01f
Case Diagnostic Tool (CDT)	2.0, 2.6	No	Not using OpenSSL
Core Protection Module (CPM)	1.6, 10.5, 10.6, 10.6 SP1, 10.6 SP2	No	Not using OpenSSL 1.01~1.01f
Core Protection Module (CPM) for Mac	1.1	No	Not using OpenSSL 1.01~1.01f
CSC (Stargate)	6.6	No	Not using OpenSSL 1.01~1.01f
DDA (Deep Discovery Advisor)	2.95, 3.0, 3.0 SP1, 3.1	No	Not using OpenSSL 1.01~1.01f
DDI (Deep Discovery Inspector)	3.0, 3.1, 3.2, 3.5, 3.6	No	Not using OpenSSL 1.01~1.01f
Deep Edge 300	1.5, 2.0, 2.1	No	Not using OpenSSL 1.01~1.01f
Deep Security for Web Apps	2	No	Not using OpenSSL
Data Loss Prevention (DLP)	3.1, 5.0, 5.2, 5.5, 5.6, 5.7	No	Not using OpenSSL 1.01~1.01f
Email Security Platform for Service Providers - White Label	3	No	Not using OpenSSL 1.01~1.01f
eManager	5.22, 5.5, 5.7, 6, 6.6, 6.7	No	Not using OpenSSL
eManager(V6.8+)	6.8, 7.0, 7.1, 7.5	No	Not using OpenSSL 1.01~1.01f
Facebook Privacy Scan App (FPSA)		No	Not using OpenSSL 1.01~1.01f
Hosted Email Security (IMHS)	1.9, 2.0	No	Not using OpenSSL 1.01~1.01f
HouseCall	7.1	No	Not using OpenSSL
HouseCall_OEM	7.1 JP	No	Not using OpenSSL
InterScan Gateway Security Appliance (IGSA)	1.5(TW, JP)	No	Not using OpenSSL 1.01~1.01f
IM Security	1.5, 1.51	No	Not using OpenSSL
InterScan Messaging Security Appliance (IMSA)	7	No	Not using OpenSSL 1.01~1.01f
InterScan Messaging Security Suite (IMSS)	7.0, 7.0 SP1,7.1, 7.1 SP1 Win	No	Not using OpenSSL 1.01~1.01f
InterScan Messaging Security Virtual Appliance (IMSVA)	7.0, 8.0, 8.2	No	Not using OpenSSL 1.01~1.01f
ISSS (Integrated Smart Scan Server)	1	No	Not using OpenSSL 1.01~1.01f
InterScan VirusWall (ISVW)	7	No	Not using OpenSSL 1.01~1.01f
ISVW for SMB	7	No	Not using OpenSSL 1.01~1.01f
iTIS	2	No	Not using OpenSSL
iTIS	3	No	Not using OpenSSL
iTMMS	1	No	Not using OpenSSL 1.01~1.01f
InterScan Web Security Appliance (IWSA)	3.1 SP1	No	Not using OpenSSL 1.01~1.01f
InterScan Web Security as a Service (IWSaaS)	1.8	No	Not using OpenSSL 1.01~1.01f
InterScan Web Security Suite (IWSS)	3.1	No	Not using OpenSSL 1.01~1.01f
InterScan Web Security Virtual Appliance (IWSVA)	5.0, 5.1, 5.5, 5.6, 6.0(EN)	No	Not using OpenSSL 1.01~1.01f
Licensing Management Portal (LMP)		No	Not using OpenSSL
Network VirusWall Enforcer (NVWE)	1.3(JP), 1.8(JP), 2.0 & SP1 ,3.0, 3.1(EN), 3.2(EN, JP)	No	Not using OpenSSL 1.01~1.01f
OfficeScan (OSCE)	8.0 SP1, 10, 10 SP1, 10.5, 10.6, 10.6 SP1, 10.6 SP2, 10.6 SP3	No	Not using OpenSSL 1.01~1.01f
OfficeScan (OSCE) Toolbox	1	No	Not using OpenSSL 1.01~1.01f
PortalProtect	2.0, 2.1	No	Not using OpenSSL
PortalProtect	2.0, 2.1	No	Not using OpenSSL
ProtectLink	1	No	Not using OpenSSL 1.01~1.01f
Rootkit Buster		No	Not using OpenSSL
SafeSync	5	No	Not using OpenSSL 1.01~1.01f
SafeSync for Business	5.1	No	Not using OpenSSL 1.01~1.01f
SafeSync for xSP	2	No	Not using OpenSSL 1.01~1.01f
SafeSync Mobile	1.2	No	Not using OpenSSL 1.01~1.01f
ScanMail for Exchange (SMEX)	10, 10 SP1, 10.2, 10.2 SP2, 11	No	Not using OpenSSL
ScanMail for IBM Domino (SMID)	5.6	No	Not using OpenSSL 1.01~1.01f
ScanMail for Lotus Domino (SMLD)	3.0, 3.1, 5.0, 5.5	No	Not using OpenSSL 1.01~1.01f
ScanMail Mobile Security for Exchange (SMMS)	1	No	Not using OpenSSL
SecureCloud	2.0, 3.0, 3.5, 3.6	No	Not using OpenSSL 1.01~1.01f
ServerProtect Windows/Netware (SPNT)	5.7, 5.8	No	Not using OpenSSL
Smart Protection Server (SPS)	3.0	No	Not using OpenSSL 1.01~1.01f
Smart Surfing	1.6	No	Not using OpenSSL
Threat Discovery Appliance (TDA)	2, 2.5, 2.55, 2.6	No	Not using OpenSSL 1.01~1.01f
Titanium/TIS	Titanium (6.x/5.x/3.x/2.x), TIS(17.x/16.x)	No	Not using OpenSSL 1.01~1.01f
Control Manager (TMCM)	5.5, 6.0, 6.0 SP1	No	Not using OpenSSL 1.01~1.01f
TMDP (Direct Pass)	1.36, 1.8, 1.9	No	Not using OpenSSL
Endpoint Encryption (TMEE)	5.5, 5.6, 5.7, 5.8	No	Not using OpenSSL
Endpoint Encryption (TMEE) Data Armor	3.0, 5.0	No	Not using OpenSSL
Endpoint Encryption (TMEE) Drive Armor	3.0, 5.0	No	Not using OpenSSL
Endpoint Encryption (TMEE) File Armor	3.0, 5.0	No	Not using OpenSSL
Endpoint Encryption (TMEE) Key Armor	3.0, 5.0	No	Not using OpenSSL
Endpoint Encryption (TMEE) Policy Server	3.1, 5.0	No	Not using OpenSSL
Trend Micro Email Encryption Gateway (TMEEG)	5, 5.5	No	Not using OpenSSL 1.01~1.01f
Information Center (TMIC)	2.5	No	Not using OpenSSL 1.01~1.01f
Mobile Backup and Restore (MBR)	1.2, 1.3.1, 1.4	No	Not using OpenSSL 1.01~1.01f
Mobile Security (TMMS) for Cellcom	2.1	No	Not using OpenSSL 1.01~1.01f
Mobile Security (TMMS) for Consumer	1.2, 2.0, 2.1, 2.2, 2.5, 2.6, 3.0, 3.1, 3.5, 5.05	No	Not using OpenSSL
Mobile Security (TMMS) for Enterprise	5.0, 5.1,5.5, 7.0, 7.1, 8.0, 9.0	No	Not using OpenSSL 1.01~1.01f
Mobile Security (TMMS) for KDDI	2.0, 2.1	No	Not using OpenSSL
Mobile Security (TMMS) for NTTW	2.0, 2.0.1	No	Not using OpenSSL
Mobile Security (TMMS) for OEM	2.1, 2.1.1, 2.2, 3.1, 3.5	No	Not using OpenSSL
Online Guardian (TMOG)	1.0, 1.5, 1.6,1.8	No	Not using OpenSSL
Online Guardian (TMOG)-Server	1	No	Not using OpenSSL
Trend Micro Kids Safety Protection for PS3	1	No	Not using OpenSSL
Trend Micro Longevity	3	No	Not using OpenSSL
Trend Micro Web Security for PS3	1	No	Not using OpenSSL
Trend Secure - My Account		No	Not using OpenSSL 1.01~1.01f
Worry-Free Business Security Standard/Advanced (WFBS)	5.1, 6.0, 7.0, 8.0	No	Not using OpenSSL 1.01~1.01f
WFMS	2	No	Not using OpenSSL 1.01~1.01f
Worry-Free Remote Manager (WFRM)	2.5, 2.6, 3.0, 3.1	No	Not using OpenSSL 1.01~1.01f

What if my product is not listed?

What if I have additional questions?

For additional inquiries, contact Trend Micro Technical Support.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Trend Micro products and the Heartbleed Bug - [CVE-2014-0160] OpenSSL 1.0.1 Vulnerability

Trend Micro products and the Heartbleed Bug - [CVE-2014-0160] OpenSSL 1.0.1 Vulnerability

Product / Version includes:

Summary