Oracle have published MOS 1645479.1 which describes the impact of the OpenSSL/”HeartBleed” exploit on their products.
It appears that the individual components of Exadata – with the exception of OEM Cloud/Grid Control – are NOT impacted by the OpenSSL/HeartBleed bug.
Obviously, this depends on your software stack, so I urge you to read 1645479.1 as soon as possible.
Exadata-related products which, while using OpenSSL, were never vulnerable:
- Audit Vault
- Exadata (prod 2546)
- ILOM 3.2.2 and earlier
- NM2 IB switches
- NM2-36P InfiniBand switches
- Oracle Linux 5 (watch out for EL 6 – this IS vulnerable, but has a fix!)
- Oracle Secure Backup 10.2 and 10.3
- Oracle ZFS Storage Appliance
- Sun System Firmware
Exadata-related products which are likely vulnerable but have no fixes yet available:
- EM Cloud Control
- EM Grid Control
Exadata-related products which do NOT include OpenSSL:
- Linux 5