
Peter Dettman

Researcher from cryptoworkshop.com
#50920 of 53,632
4.3 Total CVSS
Vulnerabilities · 1
PT-2020-2595
4.3
2020-04-14
Oracle · Java SE · CVE-2020-2778
**Name of the Vulnerable Software and Affected Versions**
Java SE versions 11.0.6 and 14

**Description**
The issue is related to insufficient access control in the JSSE component of Oracle Java SE, allowing a remote attacker to gain unauthorized access to protected information via the HTTPS protocol. This can result in unauthorized read access to a subset of Java SE accessible data. The vulnerability can be exploited through sandboxed Java Web Start applications, sandboxed Java applets, or by supplying data to APIs in the specified component.

**Recommendations**
For Java SE version 11.0.6, update to a version that includes the fix for this issue. For Java SE version 14, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the JSSE component until a patch is available. Avoid using the JSSE component for sensitive operations until the issue is resolved.