Idera’s Server Backup (formerly Continuous Data protection) is implemented using the C++ and C programming languages. Java technology is used for its innovative web-based user interface that allows backups to be centrally administrated remotely from any location. Due to the nature of the exploit and the way Java technology is used by the Server Backup product there is no risk or vulnerability to the Server Backup product.
There was a new exploit discovered in Oracle’s Java technology recently. The exploit is a serious issue for the web browser’s on billions of PCs around the world that include Java technology to run web site using Java applets. The exploit allows a malicious Java applet running on a PC to break out of a Java applets protected “sandbox” and perform undesired actions on the PC including the installation of more malicious code.
Idera Server Backup does not use Java applets and does not execute any third party Java code not distributed by Idera. Therefore our product is not vulnerable to the exploit.
A great article describing the issue is found on Dr Dobbs
The original security disclosure from Adam of security-explorations.com is here: