Here is an update on the SSL 3.0 POODLE and TLS POODLE vulnerabilities.

1. SSL 3.0 “POODLE” Security Vulnerability -- CVE-2014-3566

 

Please refer to the BMC support site link

  http://www.bmc.com/support/support-news/SSL_3_0_POODLE_Security_Vulnerability_CVE_2014_3566.html

for information about updates to BMC products for the SSL 3.0 "POODLE" security vulnerability.

Information specifically relevant to BMC Remedy AR System and ITSM Suite 7.6.04, 8.0, 8.1, and 8.8 is as follows:

  1. See support article https://kb.bmc.com/infocenter/index?page=content&id=S:KA418664 for instructions for disabling SSL V3 in Tomcat used by Mid-Tier.
  2. If you are using the LDAP integration plug-in, BMC recommends consulting your LDAP Server documentation for turning off SSL V3 in your LDAP Server.
  3. An LDAP plug-in hotfix to allow the LDAP plug-in to use TLS for communication with LDAP Server will be available by January 31, 2015.

 

2. TLS POODLE issue with load balancers

 

 

Regards

--- Abhijit Rajwade