We’ve Moved

Please update your bookmarks. Support for PowerSchool Learning has moved to the new PowerSchool Community. Visit the PowerSchool Community to find answers in our knowledge base and participate in discussions.


How can we help?

Security Advisory - "POODLE" SSLv3 vulnerability of 14 Oct 2014


Learning Security Advisory - "POODLE" SSLv3 vulnerability - CVE-2014-3566

Release Date


Last Update



A vulnerability was discovered in SSLv3 which could allow a remote attacker to force a TLS downgrade negotiation, which could result in SSLv3 with weak ciphers being used. Once downgraded, the traffic is then susceptible to a man in the middle (MITM) attack.


Moderately Critical


Allows unauthorized disclosure of information

Systems Affected

PowerSchool Learning

Solution Status


Summary: On October 14th, Google security released an advisory regarding a newly discovered SSLv3 attack. In response, the Learning Security Team disabled SSLv3 and its related ciphers on the Learning platform. Additionally, CloudFlare, our CDN provider, immediately disabled SSLv3 when the vulnerability was announced

Status: All systems were patched as of 2014-11-07.

Powered by Zendesk