FWIW, here's the according CR 761751 description, as contained in the 18.104.22.16886 EBF readme:
================(Build #4086 - Engineering Case #761751)================ The OpenSSL vulnerability known as Heartbleed impacted some components of SQL Anywhere software as follows: - SQL Anywhere Server when using TLS (Transport Layer Security) communications and/or HTTPS web services, though only to the networks that can access the server. Calling external web services over HTTPS from the database server were also affected. - MobiLink Server when using TLS and/or HTTPS communications, though only to the networks that can access the MobiLink server. - Relay Server Outbound Enabler Affected Versions (note that all platforms were impacted by the vulnerability): - SQL Anywhere 12.0.1 builds 3994-4098 - SQL Anywhere 16.0 builds 1690-1880 This vulnerability has been resolved by replacing the OpenSSL libraries with corrected versions. Once this SP has been applied, regenerate any certificates that were being used, and then change any passwords/keys associated with SQLA web service calls or TLS authentication.
answered 23 Apr '14, 12:32