Hi there
The short answer is that older versions 2.0(8d) are vulnerable. The problem relates to OpenSSL version. To check what version you have, Telnet to port 80 and the interaction will terminate but, the response will include the OpenSSL version in use.
The OpenSSL advisory shows a total of 16 vulnerabilities have been identified. Five of them are specific to OpenSSL 1.1.0. These (five) do not affect UCS because Cisco is not yet using 1.1.0.
Fix for Cisco UCS will be released on 30th Nov/2016. This release will be 3.0.0.
Kind regards ... Palani