Executive Summary


The “Poodle” vulnerability in SSL (Secure Sockets Layer) has been widely reported in the news recently. Any product that uses SSL for secure communications is potentially vulnerable to this issue. Many software vendors are delivering patches that close this security hole.

          

Affected Software & Suggested Actions

 

After the emergence of the Poodle bug, Informatica investigated the potential exposure of our products. Some Informatica products are affected, and we recommend customer action, including applying patches, to disable SSL usage and replace it with other secure communication protocols.

 

The Informatica products which are affected are listed here: https://mysupport.informatica.com/infakb/faq/7/Pages/14/303362.aspx.


If you are running any of the products on this list, you should follow the instructions provided there to ensure your environment is secure.


Frequently Asked Questions (FAQs)

 

What is the “Poodle” Bug?


The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue, CVE-2014-3566.

Please refer to http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566 for further information.
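The following is an added example, not part of Informatica's advisory. It shows what "nondeterministic CBC padding" means for the receiver: under SSL 3.0 rules the padding content cannot be verified, while under TLS 1.0+ rules it can, which is why the remedy is to disable SSL 3.0. Assumptions: CBC decryption is omitted, HMAC-SHA1 stands in for the record MAC, and the key, payloads, and function names are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16                      # CBC block size (AES)
MAC_LEN = 20                    # HMAC-SHA1 tag length
KEY = b"constructed-demo-key"   # constructed value, not from the advisory

def mac(data):
    # Stand-in for the record MAC; it covers the data, not the padding.
    return hmac.new(KEY, data, hashlib.sha1).digest()

def build_record(data, filler=None):
    """Plaintext of one CBC record: data || MAC || padding || pad_len.
    filler=None pads TLS-style (every byte equals pad_len); any other value
    pads SSL 3.0-style with that arbitrary filler byte."""
    body = data + mac(data)
    pad_len = BLOCK - 1 - len(body) % BLOCK
    fill = pad_len if filler is None else filler
    return body + bytes([fill]) * pad_len + bytes([pad_len])

def accept(record, tls_rules):
    """Receiver-side check after CBC decryption."""
    if len(record) < MAC_LEN + 1 or len(record) % BLOCK:
        return False
    pad_len = record[-1]
    if pad_len + 1 + MAC_LEN > len(record):
        return False
    if tls_rules:
        # TLS 1.0+: padding content is fixed, so it can be verified.
        if record[-(pad_len + 1):] != bytes([pad_len]) * (pad_len + 1):
            return False
    elif pad_len >= BLOCK:
        # SSL 3.0: only the length byte can be sanity-checked.
        return False
    body = record[:-(pad_len + 1)]
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    return hmac.compare_digest(tag, mac(data))

def accepted_last_bytes(tls_rules):
    """Keep data and MAC intact, overwrite the whole padding block with
    unrelated bytes, and list which final-byte values still pass."""
    good = build_record(b"x" * 12)   # 12 + 20 = 32 bytes, so padding is one full block
    prefix = good[:-BLOCK] + bytes(range(100, 100 + BLOCK - 1))
    return [b for b in range(256) if accept(prefix + bytes([b]), tls_rules)]
```

Under SSL 3.0 rules a record whose padding block was altered in transit is still accepted whenever its final byte happens to be the expected length value; under TLS rules the same record is always rejected.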

 

What is the scope of this advisory?

This advisory is applicable to several Informatica products which invoke command line executables via bash. Please see the complete list at https://mysupport.informatica.com/infakb/faq/7/Pages/14/303362.aspx.

 

Whom should I contact for additional questions?

For all questions related to this advisory, please contact your nearest Informatica Global Customer Support Center: