Beginning of this page.
Jump to main content.

Please note that JavaScript and style sheet are used in this website,
Due to unadaptability of the style sheet with the browser used in your computer, pages may not look as original.
Even in such a case, however, the contents can be used safely.

Site menu starts here.
Skip site menu.
End of site menu.
Displaying present location in the site.
End of menu.
Main content starts here.

A note on using the SSL protocol 3.0 when you are using EXPRESSSCOPE Engine

December 1, 2014

About the vulnerability issue of SSL protocol 3.0 (CVE-2014-3566), which was released on October 14, 2014, it may leak the user information by accessing from browser or accessing from Java applications launched from Java Applet and Java Web Start.

The vulnerability issue of SSL protocol 3.0 (CVE-2014-3566) may affect operation of the following products installed to NEC Express5800 series. Please review this information before using.

The products that may be affected by this vulnerability

  • EXPRESSSCOPE Engine
  • EXPRESSSCOPE Engine 2
  • EXPRESSSCOPE Engine SP2
  • EXPRESSSCOPE Engine 3
  • EXPRESSSCOPE Engine SP3
  • EXPRESSSCOPE Engine ft

Operation which is affected by this vulnerability

Accessing EXPRESSSCOPE Engine from Web browser.

Events that may be caused by this vulnerability

When communicate in SSL protocol 3.0, important information such as (username/password) for logging in to EXPRESSSCOPE Engine, and cookie information may be leaked to a third party by the attack called CVE-2014-3566 POODLE (Padding Oracle On Downgraded Legacy Encryption). Please refer to the following public information for more details.

CVE-2014-3566 (POODLE)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566

A workaround for this vulnerability

Please disable the SSL protocol 3.0 if it is enabled on your browser and Java, and then enable TLS protocol 1.0 or later.
For more details, please refer to the following document:
Setup Manual for avoiding the vulnerability issue of SSL protocol 3.0