NAVEX Global’s Customers Protected from “POODLE” Vulnerability


NAVEX Global Security has been made aware of a vulnerability in the SSLv3 protocol. We would like to share the measures we have taken to protect our clients and partners from this risk.

Background

Known formally as CVE-2014-3566, the SSL 3.0 or “POODLE” vulnerability potentially allows an attacker to gain access to data passed within an encrypted web session (such as a password), which can then be used to impersonate a user and gain more complete access. 

Impact

This vulnerability is classified as medium. The POODLE attack can be used against any system or application that supports SSL 3.0 with CBC mode ciphers if all three conditions are met. 

Review & Mitigation

Upon learning about the vulnerability, we immediately worked to determine the potential impact. Gateway, EthicsPoint Case Management, Third Party Risk Management, PolicyTech Policy Management, NAVEX Global Learning Management System (LMS), IntegriLink Classic, and IntegriLink Portal Case Management servers have SSL 3.0 enabled, although not all are using CBC ciphers. 

In response to this risk, on October 24, 2014, the IT Hosting Team will be disabling SSL 3.0. Customers should experience limited impact from the disabling of SSL 3.0 access. Customers simply need to ensure they are accessing the portal using a browser or client that supports TLS 1.0 or greater.

Typical browsers that already support this include:

  • Internet Explorer version 7 and later 
  • Firefox version 1.0 and later 
  • Chrome version 1.0 and later 
  • Safari version 1.0 and later

Questions?

Please feel free to reach out to Client Support or to your NAVEX Global sales representative with any additional questions or concerns.

