By default, EventSentry is not affected by the Heartbleed unless SSL is enabled on the built-in PostgreSQL database.
See below for a list of all EventSentry components:
The EventSentry Web Reports utilize Tomcat, which uses JSSE and not OpenSSL by default. If Tomcat was reconfigured to use OpenSSL instead of JSSE, then the web reports will be vulnerable (assuming that SSL was enabled).
If SSL is enabled in the PostgreSQL database, SSL traffic can be compromised and EventSentry should be updated to the latest version (v18.104.22.168 or higher). For maximum security, the certificate used with PostgreSQL should be re-generated.
If a certificate used in the EventSentry Web Reports was also used in a vulnerable OpenSSL application (e.g. PostgreSQL, Apache, ...), then the certificates should be re-generated even though the Web Reports themselves are not vulnerable.