Vulnerability Advisory Summary: - Title: java-1.6.0-sun security update (RHSA-2011-0860) - Risk Level: Low - Affected Versions: Avaya Aura® Conferencing Standard Edition 6.0.x - CVEs: CVE-2011-0862, CVE-2011-0802, CVE-2011-0814, CVE-2011-0868, CVE-2011-0873, CVE-2011-0863, CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0869, CVE-2011-0871 Mitigating Factors: - Risk is low because exploitation requires an untrusted Java Web Start application or applet to run on the product, which typically requires non-standard user interaction. - Not exploitable through network APIs as the product does not open external web service ports for graphics or sound through the JRE. Impact on Avaya Software-Only Products: - Software-only products are not directly affected by the vulnerability, but the underlying Linux platform may be impacted. - Customers should follow recommended actions from Red Hat regarding their Enterprise Linux. Actions for Customers: - Implement recommended actions and follow Red Hat's security advisory. - Contact Avaya support for additional questions.