PT-2015-5503 · IBM+2 · IBM Java+3
Published: 2015-05-13 · Updated: 2019-06-13 · CVE-2015-1914
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Java versions prior to 7 R1 SR3
IBM Java versions prior to 7 SR9
IBM Java 6 R1 versions prior to SR8 FP4
IBM Java 6 versions prior to SR16 FP4
IBM Java 5.0 versions prior to SR16 FP10
Description
The issue allows remote attackers to bypass permission checks and obtain sensitive information via vectors related to the Java Virtual Machine. Additionally, a vulnerability in IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections, facilitating brute-force decryption of TLS/SSL traffic between vulnerable clients and servers using man-in-the-middle techniques.
Recommendations
For IBM Java 7 R1, update to SR3 or later.
For IBM Java 7, update to SR9 or later.
For IBM Java 6 R1, update to SR8 FP4 or later.
For IBM Java 6, update to SR16 FP4 or later.
For IBM Java 5.0, update to SR16 FP10 or later.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
IBM AIX
IBM Java
Red Hat
SUSE