Impact
The POODLE attack can be used against any system or application that supports SSL 3.0 with CBC mode ciphers. This affects most current browsers and websites, but also includes any software that either references a vulnerable SSL/TLS library (e.g. OpenSSL) or implements the SSL/TLS protocol suite itself. By exploiting this vulnerability in a likely web-based scenario, an attacker can gain access to sensitive data passed within the encrypted web session, such as passwords, cookies and other authentication tokens that can then be used to gain more complete access to a website (impersonating that user, accessing database content, etc.).
NetMaster 12.1 WebCenter component is affected by this vulnerability
Solution
For NetMaster customers that are currently using the WebCenter interface with SSL support enabled, we are removing SSL support and replacing that with TLS (Transport Layer Security).
Please download and apply PTF RO75497 and follow the HOLD DATA instructions to implement TLS for the WebCenter interface.
You can download this PTF from CA Support Online,
- Go to the Download Center / Published Solutions,
- Specify Netmaster as your product, Select "CA NetMaster Network Management for TCP/IP - MVS" from the list
- Specify Release 12.1
- Select the following component
Unicenter NetMaster Management Services - Click on "Go"