- The SSFE server has two external listening ports: Port 443 (User Portal) and Port 3443 (Management Console). Both components are handled by Perlbal and the integrated OpenSSL library does not have CVE-2014-0160 HeartBleed vulnerability.
- The SSFE Windows client uses OpenSSL 1.0.1e to communicate with the server, but the SSFE Windows application is a passive client program and does not build up any HTTPS service to receive requests. So it is marked as a "LOW" risk vulnerability.
- The SSFE Android app uses OpenSSL 1.0.1e but only to encrypt files. It is not used for any connection or communication process.
Need More Help?
Create a technical support case if you need further support.
SafeSync for Enterprise (SSFE) 2.1 OpenSSL vulnerability CVE-2014-0160 (Heartbleed)
Thank you for your feedback!