NCM 9.4.x includes the fix to disable SSLv3 connections. NCM components are not vulnerable to POODLE attack. For details on this vulnerability, refer to:

As a fix, the SSL connections to NCM components (Application server, MSA, Apache) are disabled and only TLS connections are allowed.

The SA Suite Security KnowledgeBase (KB) reference at provides more information.