Hi:

The answer to your question is no, C4C is not vulnerable to this attack. As you can see from the article, only servers that still support SSLv2 are vulnerable to this attack. C4C does not support SSLv2 (or for that matter, not even SSLv3) for inbound HTTPS connections. You can rest assured that this vulnerability will not affect the transport security when using C4C.

You can validate this by going to any 3rd party SSL server test site e.g. https://www.ssllabs.com/ssltest/analyze.html and running the SSL test against your tenant hostname.

SAP's core business is about business-critical information, and our experts are dedicated to developing secure enterprise software – for cloud and on-premise deployments – to help ensure the security and privacy of your business in a networked economy. Read all the details at http://www.sap.com/pc/tech/security/software/dataprotection-privacy.html

Regards

Venki