TIBCO API Exchange and POODLE Vulnerability [Nov 2014]
Article ID: KB0108189
Updated On:
| Products | Versions |
|---|---|
| TIBCO Cloud API Exchange | - |
| Not Applicable | - |
Description
Description:
Migration of the existing custom extension project is done by updating the project shipped with TIBCO API Exchange 2.1.1, which already has the POODLE issue addressed out of the box as mentioned above.
Description
TIBCO API Exchange has a number of security transports that utilize secure protocols such as SSL. The POODLE Vulnerability is addressed in the TIBCO API Exchange 2.1.1 release, and there is no mitigation available in versions prior to TIBCO API Exchange 2.1.1.
The following is a list of the components affected in TIBCO API Exchange.
HTTP/s Channels
Both the 2.1.1 release of TIBCO API Exchange Gateway and the TIBCO API Exchange Manager have addressed the POODLE vulnerability by disabling SSLv3 on all HTTP/s Channels used. There is no project migration task related to the POODLE vulnerability for either TIBCO API Exchange Manager or TIBCO API Exchange Gateway using TIBCO API Exchange 2.1.1.
Migration of the existing custom extension project is done by updating the project shipped with TIBCO API Exchange 2.1.1, which already has the POODLE issue addressed out of the box as mentioned above.
Issue/Introduction
TIBCO API Exchange and POODLE Vulnerability [Nov 2014]
Environment
All platforms
Additional Information
TIBCO APIX 2.1.1 Release Notes.
Feedback
Yes
No
Powered by
