Environment
NetIQ Access Manager 3.2
NetIQ Access Manager 4.0
TLS1.x padding vulnerability CVE-2014-8730
NetIQ Access Manager 4.0
TLS1.x padding vulnerability CVE-2014-8730
Situation
Incorrect TLS padding may be accepted when terminating TLS 1.x CBC cipher connections. (CVE-2014-8730) - is Access Manager effected by this?
Resolution
NAM is not affected by this vulnerability. The key components used by NAM in terms of this vulnerability are unaffected
- openssl (used by AG) is not affected - see https://mta.opensslfoundation.net/pipermail/openssl-users/2014-December/000025.html
- JSSE (used by IDP/ESP) is not affected
- eDirectory, iManager are not affected - https://support.microfocus.com/kb/doc.php?id=7015987
- openssl (used by AG) is not affected - see https://mta.opensslfoundation.net/pipermail/openssl-users/2014-December/000025.html
- JSSE (used by IDP/ESP) is not affected
- eDirectory, iManager are not affected - https://support.microfocus.com/kb/doc.php?id=7015987