CA Process Automation notification regarding the "Poodle" vulnerability CVE-2014-3566.

Document ID : KB000029095
Last Modified Date : 14/02/2018
Show Technical Document Details

CA Process Automation is impacted by the "Poodle" vulnerability CVE-2014-3566, which is an exploitation of a flaw in the SSL v3.0 protocol. 

More information regarding this vulnerability can be found on the National Vulnerability page here, on Wikipedia here, or other external resources found through your favorite search engine.

 At this time the resolution for the Poodle Vulnerability in CA Process Automation requires a Patch be applied to version 4.2.2.  

This patch will update core engine files, and includes detailed post patch configuration changes to disable the SSL v3.0 protocol.

IMPORTANT: 

To address the Poodle vulnerability within CA Process Automation requires the customer to BOTH apply the patch AND make the required configuration changes (documented in the patch). Closing this vulnerability will not be achieved unless both of these tasks are performed.   

 

In order to obtain the patch to address this vulnerability, please open an issue via the CA Support page with the CA Process Automation Support Team who can provide the patch and (if required) assist with implementation.