FAQ: Are Informatica products affected by the SSL vulnerability CVE-2014-3566, commonly known as POODLE?
Answer
Informatica has been made aware of a vulnerability in the SSLv3 protocol, CVE-2014-3566, commonly referred to as 'POODLE'.
 
Refer to the following link for more information on this vulnerability:
 
 
| Product | Affected? | Patch / Remediation |
|---|---|---|
| PowerCenter Standard, Advanced, Premium | Yes. Inter-process communication is through OpenSSL. SSLv3 is preconfigured. | See HOW TO: Protect your Informatica Domain from the SSL 3.0 POODLE Vulnerability (KB 305834) for detailed information on the fix. |
| PC Express, PC Big Data Edition | Yes. Inter-process communication, and thick-client to server communication, is preconfigured to use SSLv3. | See HOW TO: Protect your Informatica Domain from the SSL 3.0 POODLE Vulnerability (KB 305834) for detailed information on the fix. |
| Data Services, Data Quality, Data Explorer | Yes. Inter-process communication, and thick-client to server communication, is preconfigured to use SSLv3. | Browser access: Disable SSL* from browser. See HOW TO: Protect your Informatica Domain from the SSL 3.0 POODLE Vulnerability (KB 305834) for detailed information on the fix. |
| Admin Console | Yes. Inter-process communication, and browser to server communication, is preconfigured to use SSLv3. | Browser access: Disable SSL* from browser. See HOW TO: Protect your Informatica Domain from the SSL 3.0 POODLE Vulnerability (KB 305834) for detailed information on the fix. |
| Adapters | Yes (through third party client libraries) | We will need to rely on third-party remediation for adapters, especially database vendors (Oracle etc.) and SaaS vendors (SFDC, MS Dynamics, etc.). Recommend customers apply patches from those vendors. For PowerExchange for Salesforce.com, please see the advisory posted on mysupport.informatica.com: https://mysupport.informatica.com/docs/DOC-13028 |
| Symphony / Analyst Tool | Yes. Inter-process communication, and browser to server communication, is preconfigured to use SSLv3. | Browser access: Disable SSL* from browser. On the server side, a customer workaround is not possible. Refer to KB 305834 for detailed information on the fix. |
| Metadata Manager & Business Glossary | Yes (Third party libraries, Inter-process communication) | Browser access: Disable SSL* from browser. Xconnects rely on 3rd party vendors for patches. Recommend customers apply patches from those vendors. Also, the MM backend runs in the INFA domain. Refer to KB 305834 for detailed information on the fix. |
| PowerExchange Mainframe and Changed-Data Capture | Yes. Out-of-the-box default is TLS, however customers can switch to SSL. | Customers should examine SET_CONTEXT_METHOD in their dbmover.cfg files and ensure TLSV1 is specified. No patch required. Refer to KB 303932 for more information. |
| Data Replication | Yes. SSLv3 preconfigured in inter-process communication. Risk is low, no browser access possible. | No workaround. INFA to make patches available. ETA is Oct 24th. |
| FastClone | No | None required |
| Master Data Management | Yes - through dependency on underlying app servers. | Browser access: Disable SSL* from browser. Customers should apply workarounds & patches from app server vendors. No Infa patch required. |
| PIM | Yes - through dependency on underlying app servers. | Browser access: Disable SSL* from browser. Customers should apply workarounds & patches from app server vendors. No Infa patch required. |
| Data Archive | Default configuration is not affected. But we provide an option to enable SSL v3, hence the product should be classified as affected. | Refer to FAQ: Is DataArchive affected by "Poodle" SSL vulnerability? (KB 304497) |
| Dynamic Data Masking | No | |
| IDV | No | |
| SAP Nearline | No | |
| Test Data Management | Yes | Refer to FAQ: Is TDM affected by "Poodle" SSL vulnerability? (KB 304499) |
| Data Integration Hub, B2B Data Exchange | Yes. While not our default, Tomcat can be manually configured to use SSL v3. | Customer should check tomcat server.xml configuration and manually change if SSLv3 is set. |
| B2B DT, DP, UDT, Hparser | No | See Note 1 below for B2B DT on Solaris 64 bit platform |
| Rulepoint, Proactive Monitoring | Yes | For Rulepoint 6.1, refer to KB 307232. For Rulepoint 5.x, refer to KB 307238. For PMPC 3.0, refer to KB 307240. For PMPC 2.x, refer to KB 307239. |
| UM, Vibe Data Streams | No | |
| Informatica Cloud | Yes - Patches already applied, SSL turned off | |
| Springbok | Yes - Patches already applied, SSL turned off | |
| Address Doctor | Yes - SSL already turned off | Browser access: Disable SSL* from browser. No other action required. |
| StrikeIron | Yes - applying patches and turning off SSL - complete by Oct 18th | Browser access: Disable SSL* from browser. No other action required. |
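
The server.xml check recommended above for Data Integration Hub and B2B Data Exchange can be scripted. The following is an added example, not Informatica's code: the sample server.xml is constructed, `audit_connectors` is a hypothetical helper, and it assumes the connectors use Tomcat's `SSLEnabled`, `sslProtocol` / `SSLProtocol` and `sslEnabledProtocols` attributes. A connector with no explicit protocol list is reported for manual review rather than passed.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not taken from any Informatica installation).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="SSLv3"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS" sslEnabledProtocols="TLSv1,SSLv3"/>
    <Connector port="10443" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS"/>
    <Connector port="11443" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"/>
  </Service>
</Server>"""


def audit_connectors(server_xml):
    """Return (port, verdict, reason) for every TLS-enabled <Connector>."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # XML attribute names are case-sensitive: the APR connector spells it
        # SSLProtocol, JSSE connectors sslProtocol. Fold case to catch both.
        attrs = {k.lower(): v for k, v in conn.attrib.items()}
        if attrs.get("sslenabled", "false").lower() != "true":
            continue  # connector does not terminate SSL/TLS itself
        port = attrs.get("port", "?")
        enabled = attrs.get("sslenabledprotocols", "").strip()
        proto = attrs.get("sslprotocol", "")
        # APR accepts '+'-joined values such as SSLv2+SSLv3, and 'all'.
        raw = f"{enabled},{proto}".replace("+", ",")
        tokens = {t.strip().lower() for t in raw.split(",")}
        if tokens & {"sslv3", "all"}:
            findings.append((port, "FAIL", "SSLv3 explicitly allowed"))
        elif not enabled:
            # Conservative: without an explicit list, the effective protocols
            # depend on the runtime default, so a person has to confirm.
            findings.append((port, "REVIEW", "no explicit sslEnabledProtocols list"))
        else:
            findings.append((port, "OK", "explicit list excludes SSLv3"))
    return findings


if __name__ == "__main__":
    for port, verdict, reason in audit_connectors(SAMPLE_SERVER_XML):
        print(f"connector {port}: {verdict} ({reason})")
```
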
 
 

More Information

Note 1 (This is only applicable to Solaris 64 bit platform)

  
If you are using B2B DT, take a backup of the DataTransformation/bin directory before installing the EBF on the Informatica server. Run the script mentioned below.

Steps to apply PoodleEBF on 961 HF1 SunOS:

- Take a backup of the <INFA_HOME>/DataTransformation/bin directory.
- Use the EBF installer to install the EBF on the Informatica server.
- After applying the EBF, set CMEPATH in the symbolicLinks.sh file, which is in the <INFA_HOME>/DataTransformation/bin directory, by adding these two lines at the top of the file:
  #!/bin/sh
  CMEPATH="<INFA_HOME>/DataTransformation/bin"
- Run symbolicLinks.sh in <INFA_HOME>/DataTransformation/bin with either of these commands:
  sh symbolicLinks.sh
  ./symbolicLinks.sh

Applies To
Product: PowerCenter
Last Modified Date: 12/15/2014 10:51 PM
ID: 303362