Is SESWeb at risk of attack from the Poodle or Heartbleed SSL attack vectors?
No. SecureDoc's SESWeb does not use SSL 0.98g. Instead it uses OpenSSL 0.98g.
The difference is that the latter refers to the whole code provided as two libraries LIBEAY and SSLEAY.
The "POODLE bug" as well as Heartbleed and other flaws reported recently are related to the implementation of network protocols which belong to SSLEAY.
WinMagic does not use SSLEAY. The OpenSSL functionality employed by SecureDoc is provided by LIBEAY only. This library contains implementation of the cryptographic algorithms only, which are not subject to the attacks on the protocols.
The protocols employed by the Web components use whatever version Windows provides. If a flaw is found in one of the protocols used by SecureDoc's SESWeb, is up to Microsoft to fix it, and WinMagic recommends to customers that it would be prudent in such case to refrain from using our the Web API until a Microsoft-originated OS update is available.
Further, SecureDoc protects SESWeb with TLS, so the 'POODLE bug" is not applicable to SESWeb.
SesWeb is a IIS based website. If desired, negotiation of security protocol can be limited to only use TLS as described in the following Microsoft bulletin.
https://technet.microsoft.com/en-us/library/security/3009008.aspx