The heartbleed bug is described here.

CatDV uses Tomcat as its built in web server. Using a default CatDV installation, the embedded web server does not implement SSL and is therefore not affected by the Heartbleed vulnerability.

CatDV also supports external web servers that may be set up by CatDV integrators, resellers, distributors and customers.  If an external web server is being used it should be reviewed to identify whether it has been configured to use SSL / HTTPS. If SSL is being used the web server software should be updated according to the maker’s instructions to avoid any Heartbleed risk.