Security Update: Geocortex Software and the OpenSSL Vulnerability (Heartbleed)
There has recently been media attention regarding the OpenSSL vulnerability (nicknamed Heartbleed). We have been receiving questions from our customers and partners about Heartbleed as it applies to Geocortex software.
Heartbleed is a software bug in the open-source cryptography library OpenSSL that allows an attacker to read the memory of the host computer and retrieve potentially privacy-sensitive data.
We are happy to announce that Geocortex software is NOT affected by the OpenSSL Heartbleed vulnerability.
More specifically, we don’t provide an SSL implementation within our software (OpenSSL or otherwise). Our security components recommend (and urge) that our customers implement SSL in their environment in order to secure network traffic; however, this recommendation does not require OpenSSL.
Geocortex web applications are hosted in Microsoft Windows IIS, which has an implementation of encryption that does not use OpenSSL and therefore is not vulnerable to Heartbleed.
Geocortex software extends and relies on Esri’s ArcGIS platform, so we recommend that customers ensure they understand Esri’s response to Heartbleed, which is described in a detailed knowledge base article here: