NCM 9.4.x includes the fix to disable SSLv3 connections. NCM components are not vulnerable to POODLE attack. For details on this vulnerability, refer to:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566

As a fix, the SSL connections to NCM components (Application server, MSA, Apache) are disabled and only TLS connections are allowed.

The SA Suite Security KnowledgeBase (KB) reference at https://docs.vmware.com/en/VMware-Smart-Assurance/9.4.2/302-003-132_01_NCM_942_ReleaseNotes.pdf provides more information.