IBM recently published a security bulletin about an SSLv3 vulnerability called the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. This vulnerability could give a remote attacker plaintext access to what would otherwise be an encrypted SSL session.
Catapult doesn’t use SSLv3 by default but has the ability to specify the SMTP authentication protocol from within the Poller. If you use SSLv3 for sending emails, we recommend switching to TLS.
The Poller configuration is stored within the Catapult library so you’ll need to adjust each installed environment individually.
Posted by Paul on 8th December 2014.