Announcement of Security Updating on Oct. 15th, 2014

 

A vulnerability in the design of SSL version 3.0., Padding Oracle On Downgraded Legacy Encryption (POODLE), has been published today. (Oct. 14th ,2014, USA)

In Questetra system, usually, we use the TLS in encrypted communication, but it had been a state that communication using SSL 3.0 is also available from some clients. In consideration of the content, we have performed an emergency maintenance at 13:30, 15th (JST) without service stoppage.

Object Users

All Users of Questetra BPM Suite SaaS Edition

Maintenance Date Time

Wed. Oct. 15th, 2014 13:30 (JST) [+09:00]

  • Wed. Oct. 15th, 2014 04:30 (UTC)
  • Wed. Oct. 14th, 2014 21:30 (PDT) [-07:00]

Upgraded Version

Questetra BPM Suite Version 9.9.5_20141015

Work Contents

Disabled SSL 3.0 in HTTPS communication.
 

What to do when you could not access to Questetra

There is a possibility that TLS is disabled in the security settings, when you are no longer able to access Questetra in spite of using the browser that listed in System Requirement. Please modify the setting so that TLS is available.


Related Information