Does it have any impact on our mainframe or IBM storage environments?
Well, if you do a search on the Support site, you get more than a hundred hits on 'heartbleed'. I see that practically all indicate 'not affected by the OpenSSL heartbleed vulnerability'. Let me give some of them:
- TS7650, TS7650G, TS7680
- TS7700, TS7720, TS7740
- TS3500, TS11x0, 3592-C07
- XIV Gen2
- CICS Transaction Server for VSE/ESA 1.1.1, CICS Transaction Server for z/OS
- DS8100, DS8300, DS8700, DS8800 and DS8870 prior to Release 7.2
- OpenSSH for z/OS
"XIV management and CIMOM uses SSL to provide confidentiality and integrity of management communications. This vulnerability means that an attacker can potentially compromise management communication, gaining access to user credentials and thereby to unauthorized management access of an exposed system. Since storage management is usually on an internal and separate network, exposure to this vulnerability is limited to users with access to the management network.
The impact is limited to management communication only, as XIV does not use SSL encryption in the data path".
Affected products and versions are: "XIV Gen3 systems running microcode versions 11.4.1 or 11.4.1.a are vulnerable via management and CIMOM ports. Versions 11.3.0, 11.3.0.a and 11.3.1 are vulnerable only via the CIMOM port. XIV Gen3 systems running older microcode versions are not affected. XIV Gen2 systems are not affected".
You can find all additional information for XIV Gen3 over here.