
Over the past several days, third parties have issued two security alerts that have raised questions about their impact on CollegeSource products, particularly those that are installed by clients. This is an overview of those alerts and our recommendations for resolving the problem as it relates to CollegeSource products.

Java 7 Security Manager Bypass Vulnerability

  • Vulnerability of CollegeSource Products: None
  • General Vulnerability to CollegeSource Clients: High
  • Recommended Resolution: Update Java to latest patch, or disable Java in the browser of all desktops

The full text of the Oracle Security Alert can be found here: http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html. To summarize:

Oracle Security Alert for CVE-2013-0422

Description

This Security Alert addresses security issues CVE-2013-0422 (US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability) and another vulnerability affecting Java running in web browsers. These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications. They also do not affect Oracle server-based software.

CollegeSource does not write Java applets or web start applications, so none of our applications require the use of Java in the browser.  We also do not write standalone Java desktop applications or embedded Java applications, only server applications.  You could disable Java in the browser of all your desktops and CollegeSource applications would not be adversely affected.

Also, according to details provided at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0422, this vulnerability does NOT affect Java 6, only Java 7.

 
