Some vulnerability scanners report that IWSVA 6.5 SP2 is vulnerable to SSL RC4 Cipher.
CVE References on RC4 and “CRIME” attack:
This type of attack can be mitigated by preventing the use of SSL/TLS compression either at the client end (browser) or on the web server.
Our developers have tested and found that IWSVA does not support RC4 on ports 8443 and 9091, so there is no impact for IWSVA.
In any case, this attack would require an old browser version and all the principal browsers have been patched in 2016.
For more details, refer to the the following articles:
Internet Explorer 11 and Edge:
Mozilla Firefox 44:
Google Chrome 48: