CVE-2014-8891

Name of the Vulnerable Software and Affected Versions IBM SDK, Java Technology Edition versions 5.0 before SR16-FP9 IBM SDK, Java Technology Edition versions 6 before SR16-FP3 IBM SDK, Java Technology Edition versions 6R1 before SR8-FP3 IBM SDK, Java Technology Edition versions 7 before SR8-FP10 IBM SDK, Java Technology Edition versions 7R1 before SR2-FP10

Description The issue allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager. This is part of a broader set of vulnerabilities addressed in Oracle's February 2015 Critical Patch Update.

Recommendations For IBM SDK, Java Technology Edition version 5.0, update to SR16-FP9 or later. For IBM SDK, Java Technology Edition version 6, update to SR16-FP3 or later. For IBM SDK, Java Technology Edition version 6R1, update to SR8-FP3 or later. For IBM SDK, Java Technology Edition version 7, update to SR8-FP10 or later. For IBM SDK, Java Technology Edition version 7R1, update to SR2-FP10 or later.