NetIQ Sentinel 7.1
NetIQ Sentinel 7.2
NetIQ Sentinel Log Manager 1.2
NetIQ Security Manager 6.5.4
A new announcement came that there was a Poodle variant re purposed to attack TLS (CVE-2014-8730).
For more information about Sentinel and CVE-2014-3566 'POODLE', see TID#7016068
This vulnerability is not in the TLS protocol itself but in how it is implemented. The components of Sentinel, Sentinel Log Manager and Security Manager use the following TLS implementations which are not affected by this vulnerability:
- Java Secure Socket Extension (JSSE) is not affected.
- The version of Mozilla Network Security Services (NSS)
used is later than 3.12.7 which is not affected. NSS has fixed this
vulnerability in version 3.12.7 - see https://bugzilla.mozilla.org/show_bug.cgi?id=571796.
- OpenSSL is not affected - see https://mta.opensslfoundation.net/pipermail/openssl-users/2014-December/000025.html.
- Microsoft Secure Channel (Schannel) is not affected.
- Check Point OPSEC Software Development Kit (SDK) is not affected - see https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk103683.