FWIW, here's the according CR 761751 description, as contained in the 12.0.1.4086 EBF readme:

    ================(Build #4086  - Engineering Case #761751)================

    The OpenSSL vulnerability known as Heartbleed impacted some components of 
    SQL Anywhere software as follows:
     - SQL Anywhere Server when using TLS (Transport Layer Security) communications 
    and/or HTTPS web services, though only to the networks that can access the 
    server. Calling external web services over HTTPS from the database server 
    were also affected.

     - MobiLink Server when using TLS and/or HTTPS communications, though only 
    to the networks that can access the MobiLink server.

     - Relay Server Outbound Enabler

    Affected Versions (note that all platforms were impacted by the vulnerability):
     - SQL Anywhere 12.0.1 builds 3994-4098
     - SQL Anywhere 16.0 builds 1690-1880

    This vulnerability has been resolved by replacing the OpenSSL libraries 
    with corrected versions. Once this SP has been applied, regenerate any certificates 
    that were being used, and then change any passwords/keys associated with 
    SQLA web service calls or TLS authentication.