NCM 9.4.x includes the fix to disable SSLv3 connections. NCM components are not vulnerable to POODLE attack. For details on this vulnerability, refer to:
As a fix, the SSL connections to NCM components (Application server, MSA, Apache) are disabled and only TLS connections are allowed.
The SA Suite Security KnowledgeBase (KB) reference at https://docs.vmware.com/en/VMware-Smart-Assurance/9.4.2/302-003-132_01_NCM_942_ReleaseNotes.pdf provides more information.