20 Apr 2012
30 May 2012
IBM Java 1.4.x
DoS (Denial of Service)
This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Exposure of sensitive information
Vulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote.
Manipulation of data
This includes vulnerabilities where a user or a remote attacker can manipulate local data on a system, but not necessarily be able to gain escalated privileges or system access.
The most frequent type of vulnerabilities with this impact are SQL-injection vulnerabilities, where a malicious user or person can manipulate SQL queries.
IBM has acknowledged multiple vulnerabilities in IBM Java, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
For more information:
Update to version 1.4.2 SR13-FP12 or 6 SR10-FP1.