April 11, 2014

Wave has assessed the vulnerability of all products for the specific issue described in CVE-2014-0160, commonly referred to as the Heartbleed bug. The results of the assessment and actions are summarized below:

EMBASSY Remote Administration Server (ERAS)
Not impacted by the Heartbleed bug.

EMBASSY Security Center (ESC)
Not impacted by the Heartbleed bug.

Data Protection Suite (DPS)
Not impacted by the Heartbleed bug.

Scrambls
Not impacted by the Heartbleed bug.

eSign Systems
Not impacted by the Heartbleed bug.

Knowd
Not impacted by the Heartbleed bug.

Wave Endpoint Monitor
Not impacted by the Heartbleed bug.

Wave Cloud 2014
The OpenSSL security patch was successfully applied to Wave Cloud 2014 on April 10, 2014.  As of 10:30 pm pacific time on April 10, 2014, Wave Cloud 2014 is no longer vulnerable to the Heartbleed bug. Wave will regenerate the SSL certificates and advise customers to change their passwords.  Wave will send another update as these steps are completed. 

Note that Wave has found no indication that the OpenSSL vulnerability was used to attack Wave Cloud 2014.

Questions:
If you have any specific security questions please do not hesitate to contact Wave Support: goldsupport@wave.com.

Reference:
More details on the OpenSSL vulnerability can be found here:  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160 .