Self Service Password ResetSSPR 2.x
Could SSPR be affected by the heartbleed bug?
Is SSPR susceptible to the openssl heartbleed vulnerability reported in CVE-2014-0160?
SSPR does not utilize OpenSSL, so it is not susceptible to this security vulnerability.
There may be potential vulnerabilities for customers who front-end SSPR with Apache web server, but not for those using the default installation of SSPR on Tomcat.