Security Bulletin for Mitel Alarm Server SECURITY BULLETIN ID: 15-0013-003 RELEASE VERSION: 1.0 DATE: 2016-02-01 SECURITY BULLETIN 15-0013-003 V1.0 OVERVIEW This security bulletin provides product-specific details on the vulnerability described in Mitel Security Advisory 15-0013. Visit http://www.mitel.com/security-advisories for more details. Multiple vulnerabilities have been identified in specific versions of Oracle Java. The reported issues have varied levels of risk, where some of which were rated as high. Details for some issues are undisclosed by the vendor. As a precautionary measure, Mitel is updating products to use unaffected versions of Java. The corresponding CVEs are identified in this Security Bulletin; customers are advised to consult these CVEs and vendor references for technical details. APPLICABLE PRODUCTS This security bulletin provides information on the following products: PRODUCT NAME VERSION(S) AFFECTED SOLUTION(S) AVAILABLE Mitel Alarm Server 3.0 3.0 HF3 RISK / EXPOSURE The following CVE is potentially applicable to Mitel Alarm Server: CVE-2015-4843 Due to the limited information, Mitel’s ability to confirm applicablitiy and resolution is limited, and is therefore relying on the vendor’s assertion. Please consult the CVEs for additional details about the risk associated with this vulnerability. MITIGATION / WORKAROUNDS No workarounds are available Mitigation is avaiable through update to Alarm Server 3.0 HF3 PATCH INFORMATION A new release of Mitel Alarm Server is available, which allows the customer to update the JDK. Customers are advised to update to Mitel Alarm Server 3.0 HF1 and update the JDK used by the Alarm Server. Instructions for the updates are provided in the release notes of Mitel Alarm Server 3.0 HF1. © Copyright 2016, Mitel Networks Corporation. All Rights Reserved. The Mitel word and logo are trademarks of Mitel Networks Corporation. Any reference to third party trademarks are for reference only and Mitel makes no representation of the ownership of these marks.