Advisory: SSL 3.0 Exploit (a.k.a POODLE attack)

Home

Advisory: SSL 3.0 Exploit (a.k.a POODLE attack)

17 Oct 2014

October 17, 2014 - Advisory: SSL 3.0 Exploit (a.k.a POODLE attack)

In response to the recently documented SSL 3.0 vulnerability (Reference: CVE-2014-3566), InterSystems advises customers to switch from using or requiring SSL 2.0 or SSL 3.0 and instead use only TLSv1.

InterSystems products support TLSv1, SSL 3.0 and SSL 2.0 for SSL/TLS. The SSL/TLS configuration can be controlled through the Management Portal (System > Security Management > SSL/TLS Configuration)

Furthermore, beginning with version 2014.2, InterSystems products will default for newly defined SSL/TLS configurations to only include TLSv1; SSL 3.0 will still be available as an option.

If you have any questions regarding this advisory, please contact the Worldwide Response Center.

Latest Alerts & Advisories

17 Apr 2025

Product Alerts & Advisories

InterSystems Security Public Notification

InterSystems has addressed security vulnerabilities that impact applications using OAuth2 Client configurations on InterSystems IRIS, InterSystems IRIS for Health, HealthShare, HealthShare HealthConnect, TrakCare, Caché, and Ensemble. Remediation steps and additional guidance documentation are available from the InterSystems Worldwide Response Center (WRC).

02 Apr 2025

Product Alerts & Advisories

April 2, 2025 – Alert: InterSystems IRIS 2024.3 – AIX JSON Parsing Issue & IntegratedML Incompatibilities

Product & Versions Affected Explicit Requirements DP-439207 InterSystems IRIS® data platform 2024.3 (AIX) AIX installations Using JSON processing and Unicode non-Latin-1 character sets DP-439280 InterSystems IRIS 2024.3 (containers with IntegratedML) IntegratedML Containers using TensorFlow

04 Mar 2025

Product Alerts & Advisories

Advisory: Patient Access Events Should Be Recorded by Client ID for CMS-0057