
Is Symantec Security Information Manager (SSIM) 4.8.x vulnerable to the "POODLE" vulnerability (CVE-2014-3566)?


Article ID: 161310



Security Information Manager


POODLE stands for Padding Oracle On Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding-oracle side-channel attack.


Symantec is aware that SSIM 4.8.x is vulnerable on port 443 to the "POODLE" vulnerability.

To address this vulnerability, we recommend customers use the FIPS operational mode.

SSIM itself can be configured to disallow SSLv3.
The ITDS server (TCP port 636) has the FIPS operational mode enabled by default and therefore disallows SSLv3 traffic.
The FIPS operational mode can be enabled for the IBM HTTP server (TCP port 443) to disallow SSLv3.
In the directory /opt/Symantec/simserver/bin you will find the script to switch on the FIPS operational mode for the IBM HTTP server.

./ --status
That will tell you if the FIPS operational mode is enabled.

./ --on
That will turn on the FIPS operational mode, which will disallow SSLv3 traffic.

./ --off
That will turn off the FIPS operational mode and will allow SSLv3 traffic.
So once the FIPS operational mode is turned on, SSLv3 traffic is disallowed.  On the agent side FIPS mode is turned on by default.
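The article states that FIPS mode disallows SSLv3 on ports 443 and 636 but gives no way to confirm it from the outside. The following is an added example, not Symantec's code or part of this article: it sends a raw SSLv3 ClientHello to a port and classifies the first record the server returns, so an administrator can verify the change after switching FIPS mode on. The hostname, the port list and the constructed cipher-suite list are assumptions.

```python
"""Check whether an endpoint still accepts an SSLv3 handshake (POODLE exposure).
Added example for verifying the FIPS-mode change; not Symantec's code."""
import socket
import struct
import sys

SSLV3 = 0x0300
# Constructed: a few SSLv3-era cipher suites, enough for a server that still
# allows SSLv3 to answer with a ServerHello rather than rejecting the hello.
CIPHERS = [0x002F, 0x0035, 0x000A, 0x0005]

def build_sslv3_client_hello() -> bytes:
    """Minimal SSLv3 ClientHello with record and handshake framing."""
    body = struct.pack("!H", SSLV3) + b"\x00" * 32          # client_version, random
    body += b"\x00"                                           # session_id length 0
    body += struct.pack("!H", 2 * len(CIPHERS))               # cipher_suites length
    body += b"".join(struct.pack("!H", c) for c in CIPHERS)
    body += b"\x01\x00"                                       # compression: null only
    hs = b"\x01" + struct.pack("!I", len(body))[1:] + body    # type ClientHello, 3-byte len
    return b"\x16" + struct.pack("!HH", SSLV3, len(hs)) + hs  # handshake record, v3.0

def classify_response(data: bytes) -> str:
    """Interpret the first record the server sent back."""
    if len(data) < 5:
        return "closed"            # server dropped the connection without a record
    ctype, version, _ = struct.unpack("!BHH", data[:5])
    if ctype == 0x16 and version == SSLV3 and data[5:6] == b"\x02":
        return "sslv3_accepted"    # ServerHello at version 3.0: SSLv3 still enabled
    if ctype == 0x15:
        return "rejected"          # alert record (e.g. handshake_failure / protocol_version)
    return "unknown"

def check_sslv3(host: str, port: int, timeout: float = 5.0) -> str:
    """Connect, send the SSLv3 ClientHello and classify the answer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_sslv3_client_hello())
        try:
            data = s.recv(4096)
        except (socket.timeout, ConnectionResetError):
            data = b""
    return classify_response(data)

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_sslv3.py <ssim-host>")   # hostname is an assumption
    for port in (443, 636):                             # IBM HTTP server, ITDS server
        print(port, check_sslv3(sys.argv[1], port))
```

After the FIPS script has been switched on, both ports should report "rejected" or "closed"; "sslv3_accepted" on 443 means the IBM HTTP server is still negotiating SSLv3.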



Applies To


SSIM 4.8.x