Tuesday 18 November 2014

McAfee ePO 5.0.1 and later — Update on POODLE (CVE-2014-3566) OpenSSL Vulnerability

McAfee has determined that customers who upgraded to ePO 5.0.1 or later FROM an ePO 4.x version may be vulnerable to the POODLE SSL 3.0 vulnerability (CVE-2014-3566) because of a Java security setting migration issue. SSL protocol 3.0, as used in Tomcat 5.5.x and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack such as POODLE.

The security configuration for ePO 5.0.0 and later disables the SSLv3 protocol by default for clean installations of ePO. However, ePO 5.0.1 and later versions may remain vulnerable if they were upgraded from a previous ePO 4.x version. For more information on the resolution, see the ePolicy Orchestrator Sustaining Engineering Statement (SSC1410161) provided by McAfee.