SAP Knowledge Base Article - Preview

2128924 - Remediating the POODLE vulnerability (CVE-2014-3566) detected in SAP BI 4.1 using Tomcat.

Symptom

  • The version of Tomcat provided by SAP BI 4.1 can fall back to SSL 3.0 when its Protocol option is set to "TLS".
  • In the server.xml for Tomcat, the TLS protocol is enabled by default.
  • This can make connections with the Web Application Server vulnerable to POODLE (also called POODLEBLEED) attacks.


Environment

  • SAP BusinessObjects Business Intelligence Platform (BI) 4.1.
  • Tomcat 7.0

Product

SAP BusinessObjects Business Intelligence platform 4.0; SAP BusinessObjects Business Intelligence platform 4.1

Keywords

BI, 4.x, 4.0, vulnerable, POODLE, Tomcat, attacks, CVE-2014-3566, tomcat7, PoodleBleed, TLS, SSL, server.xml, default, 41, 40, vulnerability, exploit, cve, 3566, 2014-3566, KBA, bi4, bi40, bi41, BI-BIP-DEP, Webapp Deployment, Networking, Vulnerabilities, Webservices, BI-BIP-INS, Installation, Updates, Upgrade, Patching, Problem

About this page

This is a preview of an SAP Knowledge Base Article.
