CVE-2017-1541

Name of the Vulnerable Software and Affected Versions AIX versions 5.3, 6.1, 7.1, and 7.2

Description The issue is related to a flaw in the JRE/SDK installp and updatep packages, which prevented the java.security, java.policy, and javaws.policy files from being updated correctly. This is due to insufficient input validation, allowing a remote attacker to impact the update procedure of these files. The vulnerability could allow an unauthenticated attacker to cause low confidentiality impact, no integrity impact, and low availability impact.

Recommendations For AIX versions 5.3, 6.1, 7.1, and 7.2, update the JRE/SDK installp and updatep packages to ensure the java.security, java.policy, and javaws.policy files are updated correctly. As a temporary workaround, consider restricting access to the update procedure of the java.security, java.policy, and javaws.policy files until a patch is available.