- Zenoss Resource Manager 4.x
- Cisco UCS Performance Manager 1.x
Recently, a vulnerability named POODLE (Padding Oracle On Downgraded Legacy Encryption) has been found in OpenSSL, a popular crypotography library. The vulnerability is described here: https://www.openssl.org/~bodo/ssl-poodle.pdf.
If configured to use SSL, Resource Manager and UCS Performance Manager use OpenSSL. As such, the OpenSSL vulnerability would affect any such deployments.
SSL is not configured by default in either Resource Manager or UCS Performance Manager. However, if SSL has been configured, the system administrator can follow the procedures detailed by their operating system distribution to mitigate the vulnerability. The Centos and Red Hat procedures for doing so can be found at the following sites: