OpenSSL 19-Mar-2015 Security Release Vulnerabilities and FREAK

  • 7021977
  • 20-Mar-2015
  • 02-Mar-2018


All Attachmate products


On 19-Mar-2015, the OpenSSL development team ( released new libraries that fix eleven reported vulnerabilities, and reclassified a FREAK vulnerability. This technical note lists applicable vulnerabilities and provides links to additional information.


Security Release Vulnerabilities Overview

Five of the eleven new OpenSSL vulnerabilities do not apply as Attachmate products do not yet use the OpenSSL 1.0.2 branch library. Another is a functionality that is not enabled in the Attachmate products and also does not apply.

Product development teams have been investigating the remaining vulnerabilities and their applicability to our products. They are:

FREAK Vulnerability Update

OpenSSL has reclassified a fix for the FREAK vulnerability (CVE-2015-0204) from Low to High: RSA silently downgrades to EXPORT_RSA [Client].

Product Status

The following table provides status information for Attachmate products, as of the Last Reviewed date of this document.

More Info
See Security Alerts - Extra!
InfoConnect products
Reflection 2014 products
See Security Alerts - Reflection Desktop
Reflection 14.1 products
Reflection for Secure IT Client for Windows
Reflection for Secure IT Server for Windows
Not vulnerable beginning in version 8.2 hotfix build 131; see
Reflection for Secure IT UNIX Client and Server
Reflection for UNIX (iOS/Android)
Not vulnerable
Reflection for the Web products
Not vulnerable
Reflection Security Gateway products
Not vulnerable
Reflection ZFE
Not vulnerable
FileXpress Gateway
Not vulnerable beginning in version 1.0 hotfix build 368; see Security Alerts - Reflection for Secure IT Gateway
Verastream Host Integrator
Not vulnerable beginning in version 7.7.30; see
Verastream Process Designer
Not vulnerable
Verastream Terminal Client
Not vulnerable
Verastream Bridge Integrator
Not vulnerable


For more information, please refer to these resources:


Security Alert

Additional Information

Legacy KB ID

This article was originally published as Attachmate technical note 2788.