Skip to main content
Delphix

TB018 CVE-2014-3566 Vulnerability Statement

  1. Last updated
  2. Save as PDF
 

 

Alert Type

Security

Contributing Factors

The vulnerability affects Delphix releases prior to Delphix Engine 4.1.3, including:

  • Delphix Engine 2.6
  • Delphix Engine 2.7.0.0
  • Delphix Engine 2.7.1.0, 2.7.1.1, and 2.7.1.2
  • Delphix Engine 2.7.2.0
  • Delphix Engine 2.7.3.0 and 2.7.3.1
  • Delphix Engine 2.7.4.0
  • Delphix Engine 2.7.5.0
  • Delphix Engine 2.7.6.0
  • Delphix Engine 3.0.0.3 and 3.0.0.4
  • Delphix Engine 3.0.1.0, 3.0.1.2, and 3.0.1.3
  • Delphix Engine 3.0.2.0 and 3.0.2.1
  • Delphix Engine 3.0.3.0 and 3.0.3.1
  • Delphix Engine 3.0.4.0
  • Delphix Engine 3.0.5.0
  • Delphix Engine 3.1.0.1
  • Delphix Engine 3.1.1.0
  • Delphix Engine 3.1.2.0 and 3.1.2.1
  • Delphix Engine 3.1.3.0, 3.1.3.1, and 3.1.3.2
  • Delphix Engine 3.1.4.0
  • Delphix Engine 3.1.5.0
  • Delphix Engine 3.2.0.0
  • Delphix Engine 3.2.1.0
  • Delphix Engine 3.2.2.0 and 3.2.2.1
  • Delphix Engine 3.2.3.0 and 3.2.3.1
  • Delphix Engine 3.2.4.0, 3.2.4.1, and 3.2.4.2
  • Delphix Engine 3.2.5.0 and 3.2.5.1
  • Delphix Engine 3.2.6.0
  • Delphix Engine 3.2.7.0
  • Delphix Engine 4.0.0.0 and 4.0.0.1
  • Delphix Engine 4.0.1.0
  • Delphix Engine 4.0.2.0
  • Delphix Engine 4.0.3.0
  • Delphix Engine 4.0.4.0
  • Delphix Engine 4.0.5.0
  • Delphix Engine 4.0.6.0 and 4.0.6.1
  • Delphix Engine 4.1.0.0
  • Delphix Engine 4.1.1.0
  • Delphix Engine 4.1.2.0

Overview

Delphix has evaluated its Transport Layer Security (TLS) implementation in the Delphix Engine product and found that it is vulnerable to exploits that take advantage of TLS fail back to SSLv3.0.  The links in the "Additional Information" section contain further information about the potential exploit.  Exploiting this vulnerability is difficult and would generally require another successful intrusion, such as a man-in-the-middle (MITM) attack.  Because Delphix typically operates in environments where MITM attacks are difficult, this vulnerability is classified as a moderate-risk. 

Resolution

This vulnerability is fully resolved in Delphix Engine 4.1.3.0, and later releases.

Additional Information

Google POODLE exploit description (external link)

United States Computer Emergency Readiness Team (CERT) Alert (TA14-290A) (external link)

National Vulnerability Database: CVE-2014-3566 (external link)

Privacy Policy Terms of Use Legal About
© 2024 Delphix Corp