XMediusFAX is not affected by the Heartbleed vulnerability.
XMediusFAX and OpenSSL
All versions of XMediusFAX use a version of OpenSSL that is not affected by the Heartbleed vulnerability.
As such, the following interactions are safe from this vulnerability:
- Communications between all XMediusFAX server modules (Including the MMC Snap-In)
- Sending of faxes with SendFAX connected through the XML Gateway
- SIP TLS
Apache Tomcat (used for XMediusFAX Web applications) is also not vulnerable.
As such, it is safe to assume that the features of XMediusFAX that interact with its Web applications are safe from this vulnerability. That includes, but is not limited to:
- Accessing the Web Client, Web Administration interface, Web online help (for users and administrators), Web Service and Web Reports
- Using the Web Fax Composer Printer tool and the Fax Account Monitoring Spot tool
Internet Information Services (IIS)
Since the common XMediusFAX deployment scenario includes IIS, it can also be noted that IIS is not affected by the Heartbleed vulnerability.