ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Symantec Encryption Products Vulnerability to the “POODLE" (CVE-2014-3566)

book

Article ID: 161340

calendar_today

Updated On:

Products

Desktop Email Encryption Drive Encryption PGP Command Line Encryption Management Server Endpoint Encryption File Share Encryption Powered by PGP Technology Gateway Email Encryption

Issue/Introduction

Are Symantec Encryption products vulnerable to the “POODLE" vulnerability (CVE-2014-3566)?

Resolution

None of the Symantec Encryption products are vulnerable, but some of the Encryption products can potentially be affected by the “POODLE” vulnerability. See the following table for a list of each of the Encryption products and how they are affected.

For more information about the POODLE vulnerability, see http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566.

Also see the Symantec blog posting at http://www.symantec.com/connect/blogs/poodle-vulnerability-old-version-ssl-represents-new-threat

Product Impact Mitigation Plan
Symantec Encryption Desktop,

Symantec Drive Encryption,

PGP Desktop,

PGP Whole Disk Encryption,

PGP Command Line
Not Affected NA
Symantec Endpoint Encryption Management Server only

(includes SEE Full Disk 8.2.1, SEE Removable Storage 8.2,1, and Symantec Endpoint Encryption v 11.0.0)
Affected (not vulnerable in default configuration) See article TECH225778 for more information.
Symantec Encryption Management Server, PGP Universal Server Affected (not vulnerable) See article TECH225779 for more information.

 

 

 

Attachments

POODLE_Vulnerability_Encryption.pdf get_app