Severity Rating: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
RSA DLP 9.6
RSA DLP 9.6 SP1
RSA DLP 9.6 SP2
On October 14, 2014, a vulnerability was publicly announced in the Secure Sockets Layer version 3 (SSLv3) protocol when using a block cipher in Cipher Block Chaining (CBC) mode that may affect RSA DLP customers.
SSLv3 is a cryptographic protocol designed to provide communication security. The SSLv3 uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data using a padding-oracle attack. This is commonly referred to as the ""POODLE"" (Padding Oracle On Downgraded Legacy Encryption) attack. For more information see: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566
The following RSA DLP release contains the resolution to this issue:
RSA DLP 220.127.116.11
RSA recommends all customers upgrade to the version listed above at the earliest opportunity.