Share This:

Here is an update on SSL 3.0 POODLE and TLS POODLE vulnerability.


1. SSL 3.0 “POODLE” Security Vulnerability -- CVE-2014-3566


Please refer to the BMC support site link

for information about BMC product's update on the SSL 3.0 "POODLE" Security vulnerability.


Information specifically relevant for for BMC Remedy AR System and ITSM Suite 7.6.04, 8.0, and 8.1 and 8.8 is as follows:

  1. See support article for instructions for disabling SSL V3 in Tomcat used by Mid-Tier.
  2. If you are using the LDAP integration plug-in, BMC recommends consulting your LDAP Server documentation for turning off SSL V3 in your LDAP Server.
  3. An LDAP plug-in hotfix to allow the LDAP plug-in to use TLS for communication with LDAP Server will be available by January 31, 2015.


2. TLS POODLE issue with load balancers




--- Abhijit Rajwade