Xerox Product Security
The Heartbleed OpenSSL Vulnerability
Version 1.0
April 11, 2014

Disclaimer

The information provided in this document is provided "as is" without warranty of any kind. Xerox Corporation disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Xerox Corporation be liable for any damages whatsoever resulting from user's use or disregard of the information provided in this document including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Xerox Corporation has been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential damages so the foregoing limitation may not apply.

The information in this bulletin is subject to change without notice.

©2014 Xerox Corporation. All rights reserved. Xerox® and Xerox and Design® are trademarks of Xerox Corporation in the United States and/or other countries. BR9733

Other company trademarks are also acknowledged.

Document Version: 1.0 (April 2014).

Table of Contents

Introduction
  An Important Point
  Recommended Actions
  Legend for Product Tables

Hardware Products Phaser® and WorkCentre
  Monochrome Product Table
  Color Product Table

Software Products MPS/XOS Tools
  Managed Services Product Tables
  General Markets Product Tables

Software Products Operations Tools
  FreeFlow Print Server Tables
  FreeFlow Application Tables

Introduction

A vulnerability has been discovered in versions 1.0.1 to 1.0.1f of the OpenSSL cryptographic software, which is widely used across the Internet for banking, investment, medical and other encrypted network traffic.

The Heartbleed OpenSSL vulnerability works by allowing the certificate checking to be corrupted and traffic across a network to be monitored, which some have called eavesdropping. Obviously, this presents quite a large problem for anything done with encryption, especially over the Internet.

This document lists the Xerox products and whether or not they are affected by this issue.

An Important Point

This document contains products that Xerox currently sells and some that it has recently stopped selling. If your product is not listed, it is probably older and therefore would have a version of OpenSSL that is not susceptible to this vulnerability.

Recommended Actions

To ensure data integrity, it is strongly recommended that the user contact organizations to ask whether they use OpenSSL and, if so, whether they have updated the version of OpenSSL used for web transactions. If they have performed this action, you should then change your user name and/or your password for the account. There are extensions for web browsers that check whether web sites use the vulnerable versions of OpenSSL.

Legend for Product Tables

Throughout this document there are tables that give quick answers on whether a Xerox product is susceptible to the Heartbleed OpenSSL vulnerability.

The legend below shows how to interpret the responses. The first column indicates the type of product, such as a monochrome printer or a software name. The second column provides the rating of whether or not the product is affected and, in some cases, indicates that more details about the product are required.

A third column with the explanations is provided below. In the remainder of the document, each table has only two columns.

Type of Product           Affected   Meaning
Phaser® 3250              NO         Product Not Affected by Vulnerability
Phaser® 3320              YES        Product Affected by Vulnerability
Phaser® 3610              UI         Product Under Investigation
Phaser® 4600/4620/4622    Details    Product requires more Details

Hardware Products Phaser® and WorkCentre

Monochrome Product Table

Monochrome Models                              Affected
Phaser® 3250                                   NO
Phaser® 3320                                   NO
Phaser® 3610                                   UI
Phaser® 4600/4620/4622                         NO
Phaser® 5550                                   NO
WorkCentre® 3210/3220                          NO
WorkCentre® 3315/3325                          YES
Phaser® 3635MFP                                NO
WorkCentre® 3615                               UI
WorkCentre® 4250/4260                          NO
WorkCentre® 5135/5150                          NO
WorkCentre® 5325/5330/5335                     NO
WorkCentre® 5845/5855                          NO
WorkCentre® 5865/5875/5890                     NO
D95/D110/D125® Copier/Printer                  UI
Xerox® D136® Copier/Printer and Printer        UI
DocuPrint® 425/850                             NO
DocuPrint® 500/1000CF                          NO
DocuPrint® 525/1050CF                          NO
Xerox 495CF                                    NO
Xerox 650/1300CF                               NO

Color Product Table

Color Models                                   Affected
Phaser® 6010                                   UI
Phaser® 6500                                   UI
Phaser® 6600                                   UI
Phaser® 6700                                   NO
Phaser® 7100                                   UI
Phaser® 7500                                   NO
Phaser® 7800                                   NO
ColorQube® 8570                                NO
ColorQube® 8870                                NO
ColorQube® 9301/9302/9303                      NO
WorkCentre® 6015                               UI
WorkCentre® 6505                               UI
WorkCentre® 6605                               UI
ColorQube® 8700                                NO
ColorQube® 8900                                NO
WorkCentre® 6400                               NO
WorkCentre® 7120/7225                          NO
WorkCentre® 7220/7225                          NO
WorkCentre® 7425/7428/7435                     NO
WorkCentre® 7830/7835/7845/7855                NO
WorkCentre® 7755/7765/7775                     NO
Xerox Color 560/570®                           UI
Xerox Color C75/J75 Press®                     UI

Software Products MPS/XOS Tools

Managed Services Product Tables

Managed Services Software                          Affected
Xerox Device Agent                                 NO
Xerox Integration Servers                          NO
Xerox Report Manager                               NO
PagePack Assistant                                 NO
Xerox Profit & Loss Tool                           NO
Xerox Services Manager Data Warehouse              NO
Auto Update Server                                 NO
Non Xerox Pricing Tool                             NO
Tandoori                                           NO
Xerox Incident Killer                              NO
Xerox Custom Authentication Server                 NO
Xerox Office Productivity Advisor Import Tool      NO
Xerox Web Packager                                 NO
Xerox License Manager                              NO
Xerox Asset Manager                                NO
Xerox Help Desk                                    NO
SmartSend                                          NO
Xerox Export Agent                                 NO
Xerox Mobile Print Portal                          NO
Xerox Services Manager Contract Adapter            NO
Page Pack Local Assistant                          NO
Xerox Production Imaging Manager                   NO
MPS Contractibility Catalog                        NO
Xerox Print Awareness Tool                         NO

General Markets Product Tables

General Markets Software                           Affected
Xerox Device Agent Lite                            NO
Xerox Device Agent Partner Edition                 NO
CentreWare® Web                                    NO

Software Products Operations Tools

FreeFlow Print Server Tables

FFPS Software                                                                 Affected
FreeFlow® Versions 7.X, 8.X and 9.X                                           NO
FreeFlow® Versions that use Solaris/Oracle 10.X (Repaired by Oracle patch)    NO

FreeFlow Application Tables

FreeFlow Applications Software                         Affected
Confident Color                                        Details needed (Multi-Vendor Product)
FreeFlow® Core                                         NO
FreeFlow® Digital Publisher                            NO
FreeFlow® Express to Print                             NO
FreeFlow® Fleet Navigator                              Details needed (Multi-Vendor Product)
FreeFlow® Makeready™                                   NO
FreeFlow® Output Manager™                              NO
FreeFlow® Print Server                                 NO
FreeFlow® Process Manager™                             NO
FreeFlow® Variable Information Suite                   NO
GMC IntegratedPLUS Solution                            NO
Xerox® IntegratedPLUS Automated Color Management       NO
Xerox® IntegratedPLUS Finishing Solution               NO
ProfitQuick™                                           Details needed (Multi-Vendor Product)
Specialty Imaging                                      Details needed (Multi-Vendor Product)