Statement from Kyriba regarding the OpenSSL Heartbleed flaw

June 2, 2014

Kyriba clients unaffected by the vulnerability

Many of you will have seen the news highlighting the recently-discovered OpenSSL Heartbleed security flaw, and its impact on web application security.

We know that the security of our clients’ treasury management application is of paramount importance. We would like to reassure our clients, future clients and partners that Kyriba is not impacted by this flaw. The version of OpenSSL that is impacted is 1.0.1 and above. Kyriba is not using this version of OpenSSL.

As an additional layer of security, Kyriba’s firewall provider has released an update to its intrusion detection system, and this is automatically updated on Kyriba’s firewall.

Should you have any further questions, please do not hesitate to contact your account manager.

Didier Martineau, chief information security officer, Kyriba