4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.698 Medium
EPSS
Percentile
98.0%
a. Oracle JRE Update
Oracle JRE is updated in VMware products to address a critical security issue that existed in earlier releases of Oracle JRE. VMware products running JRE 1.7 Update 75 or newer and JRE 1.6 Update 91 or newer are not vulnerable to CVE-2014-6593, as documented in the Oracle Java SE Critical Patch Update Advisory of January 2015. This advisory also includes the other security issues that are addressed in JRE 1.7 Update 75 and JRE 1.6 Update 91. The References section provides a link to the JRE advisory.The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-6593 to this issue. This issue is also known as “SKIP” or “SKIP-TLS”. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.