
Heartbleed OpenSSL Vulnerability Detection – Using HP Universal Discovery & UCMDB

Karan C ‎04-24-2014 09:04 PM - edited ‎09-27-2015 07:03 PM

With assistance from Wei, Wei (Xeric, HPSW-R&D-SH) & Yue, Song (Ben, CMS R&D)

and Brian T. Miller (Sr. Product Marketing Manager)




On April 7, 2014, a serious vulnerability in the popular OpenSSL cryptographic software library was announced. Called the Heartbleed bug, the vulnerability allows anyone on the Internet to read the memory of systems protected by the vulnerable versions of the OpenSSL software.


Essentially, this compromises the secret keys used to identify service providers and to encrypt internet traffic containing authentication information of users. Attackers can then potentially eavesdrop on internet communications, steal data directly from the service providers and their users, and impersonate services and users.


A huge number of enterprises were impacted by the Heartbleed bug. This incident shows that security in the enterprise IT environment is more important than ever.

This blog post describes a security solution based on HP Configuration Management System (CMS) and talks about a new way to combine the security solution and CMS technology.



Problem Statement


When it comes to detecting OpenSSL components, most vulnerability scanners only detect whether a device contains a certain version of the OpenSSL components. However, the information about what is related to or associated with the device, and so could also be impacted, is completely missing and is not part of an end-to-end view. This is a big omission that prevents a full understanding of the true business/financial impact and of risk mitigation.


In order to fully understand the impact of the OpenSSL component, it is important not only to discover its existence, but also to map devices, the relationships between them, and how they serve applications and business services.


Let’s say that a given database server has an OpenSSL component: all of the application servers could also be impacted, as well as all of the users of these applications downstream. What is necessary is not only to report the issue on a given device but also to show what will happen to the related enterprise IT environment.


How HP UD and UCMDB can help you detect vulnerable OpenSSL components, and understand their business impact


There are four steps involved in this solution –


1.      HP Universal Discovery – discovery of data


HP Universal Discovery has an industry-leading ability to discover infrastructure, applications and dependencies between them across an IT environment with Agent-based, Agent-less or Hybrid or Passive discovery approaches. This includes the ability to discover resources on a computer system, including, files, hardware, running software, etc.

As part of Universal Discovery’s inventory discovery, all of this discovered information is “wrapped” into a compressed file known as a Scan File. Leveraging this data, Universal Discovery recognizes and normalizes software data. You can find necessary instructions and supporting SAI files for OpenSSL detection on HP Live Network by clicking on the following link –

The screenshot below shows an example of discovered OpenSSL instances:



Figure 1, Discovered OpenSSL Instances


Note that due to the nature of OpenSSL usages in applications, it may not be possible to detect all its occurrences in an IT environment. Refer to the documentation that accompanies the patch for OpenSSL detection on HP Live Network here.


2.      Enrichment and Analysis of Discovered Data


HP Universal CMDB provides two levels of analysis from the inventory data discovered via Universal Discovery server: File Level and Application Level.

Information is captured in Scan Files, which, after being downloaded to the Universal Discovery Probes, are processed by a component called the XML Enricher. The scan files contain detailed file information for software present on a computer, including size, signature and path. On Windows operating systems, they also contain the file version, product version and type for dynamic link library and executable files.

With all of this information collected, we can check whether these files are in the security issue report's list, to find the files where a security issue may reside.

These collected objects can also be analyzed for their file information collected by the Universal Discovery inventory scanners for further enrichment. Leveraging data like installed software with details such as publisher, release and version, we can also check in our list of objects if there is a security risk.

From here, all of the file and application level issues can be created as Security Issue CIs and linked to a Node or Installed Software CI. The first screenshot below shows the list of OpenSSL objects, and the one after it shows the OpenSSL vulnerability associated with installed software.



Figure 2, OpenSSL in SAI



Figure 3, Enriched OpenSSL Vulnerability


3.      Impact Analysis – to identify affected business applications


All objects are reported into HP Universal CMDB. In other words, we not only collect the information about IT objects but also create the relationships and the dependency maps for all of these objects in HP Universal CMDB. An IT manager is then able to see an end-to-end map of their enterprise IT environment infrastructure and applications along with the various dependencies between them.

With this comprehensive map or view of our data, we can then run impact analysis leveraging the Security Issue CI. If a software or node contains security issues, we know this device is insecure and at risk, thus having an impact on an application, node or business solution. Because we can provide the relationships between these objects, the owner of the application, node or business solution is able to accurately assess the impact. In the screenshot below we show where an HR System business application has a server with an OpenSSL vulnerability installed within its OpenSSL Toolkit, thus showing an end-to-end view of the risk.



Figure 4, Impact Analysis over OpenSSL Vulnerability
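
The application-level check from step 2 and the impact analysis from step 3 can be sketched together in a few lines. This is an added example, not HP code and not the UCMDB or Universal Discovery API; the inventory records, dependency edges, node names and function names are constructed for illustration, and the version pattern is the publicly documented affected upstream range.

```python
import re
from collections import deque

# Upstream releases affected by Heartbleed: 1.0.1 through 1.0.1f, plus
# 1.0.2-beta and 1.0.2-beta1 (fixed in 1.0.1g and 1.0.2-beta2).
_AFFECTED = re.compile(r"^(1\.0\.1[a-f]?|1\.0\.2-beta1?)$")

# Constructed sample inventory: (node, installed software, version).
INVENTORY = [
    ("db01", "OpenSSL", "1.0.1e"),
    ("app01", "OpenSSL", "1.0.1g"),
    ("web01", "OpenSSL", "0.9.8y"),
    ("mail01", "OpenSSL Toolkit", "1.0.1"),
    ("db01", "PostgreSQL", "9.3.4"),
]
# Constructed dependency map: (dependent, depends_on).
DEPENDS_ON = [("app01", "db01"), ("HR System", "app01"),
              ("Payroll Portal", "web01"), ("Webmail", "mail01")]
BUSINESS_APPS = {"HR System", "Payroll Portal", "Webmail"}

def is_affected(version):
    """True if an upstream OpenSSL version string is in the affected range."""
    return bool(_AFFECTED.match(version.strip().lower()))

def security_issues(inventory):
    """Application-level check: nodes with an affected OpenSSL install."""
    return sorted({node for node, name, ver in inventory
                   if "openssl" in name.lower() and is_affected(ver)})

def impacted(issue_nodes, edges):
    """Walk the dependency map upward from each flagged node."""
    dependents = {}
    for dependent, target in edges:
        dependents.setdefault(target, set()).add(dependent)
    result = {}
    for start in issue_nodes:
        seen, queue = {start}, deque([start])  # seen set guards against cycles
        while queue:
            for dep in dependents.get(queue.popleft(), ()):
                if dep not in seen:
                    seen.add(dep)
                    queue.append(dep)
        result[start] = sorted(seen - {start})
    return result

def business_apps_at_risk(inventory, edges, apps):
    """Business applications that sit on top of any flagged node."""
    hit = impacted(security_issues(inventory), edges)
    return sorted({d for deps in hit.values() for d in deps} & set(apps))
```

Distribution packages often backport the fix without changing the upstream version string, so a version match marks a candidate for verification rather than a confirmed vulnerable host.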


4.      Taking actions based on the information


Now that we can demonstrate the impact of an application to its owner, notifications can be sent out to address the vulnerability. Tickets can be created in HP Service Manager or the asset can be marked as not stable within HP Asset Manager since HP Universal CMDB/Discovery integrates out-of-the-box with both these applications, in addition to many other IT applications.




With this comprehensive four-step solution, users of UCMDB/Universal Discovery are able to quickly and dependably identify if a server/software is using the vulnerable OpenSSL component, as well as demonstrate how related business applications and solutions may be impacted via an end-to-end impact analysis view.


We have shown that by leveraging the functionality in HP Universal Discovery and HP Universal CMDB products, a user can collect the needed information to analyze the risks of OpenSSL vulnerabilities and map them out in a way that is easily viewable in a service map showing affected instances.


Comprehensive Impact Analysis is an out-of-the-box functionality in HP Universal CMDB.


Supporting Files and Documentation

The SAI library patch and accompanying usage documentation for detecting the Heartbleed OpenSSL vulnerability can  be downloaded from HP Live Network’s Universal Discovery community by clicking on the following link –

About the Author

Karan C

Karan Chhina is the Product Manager for HP Universal Discovery and has worked with discovery & dependency mapping and configuration management product line for the past eight years.

on ‎05-28-2014 03:23 PM

I changed my password on Ebay at their request from an attack similar to the one in this article. When I made the change and signed out I went to one of my software programs and it indicated internet failure. Then when I signed off and later turned on my computer to sign on to the computer I need a password, but when I tried that password the error message was user profile cannot be is there a solution to this ???
