Environment
NetIQ Access Manager 4.0
NetIQ Access Manager 4.1
NetIQ Access Manager 4.2
CVE-2015-3194 (https://www.openssl.org/news/secadv/20151203.txt)
NetIQ Access Manager 4.1
NetIQ Access Manager 4.2
CVE-2015-3194 (https://www.openssl.org/news/secadv/20151203.txt)
Situation
A new vulnerability (CVE-2015-3194) has been reported at https://www.openssl.org/news/secadv/20151203.txt that is specific to the certificate verification process. NAM does use this process - is NAM vulnerable to this threat as it frequently needs to verify certificates?
Resolution
NAM is not vulnerable to this threat as it's components do not verify the x509 certs using the openssl implementation.