KB Article #162087
Java Security Vulnerability CVE-2013-0422
Problem
On 1/10/13 a security vulnerability in Java was announced.
Since then the scope of CVE-2013-0422 has been changing.
Originally the CVE indicated that the vulnerabilities applied to all versions of Java (4, 5, 6, 7) on all platforms; now the CVE indicates that only Java 7 in browsers is vulnerable.
Resolution
Per the Oracle Security Alert for CVE-2013-0422:
"These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications."
Axway client software that requires a JRE to run in a browser is not vulnerable and does not introduce vulnerabilities in and of itself.
This vulnerability (CVE-2013-0422) allows malicious applets to break out of the Java 7 sandbox and attack the system; the risk is therefore that a malicious entity could trick a user into running a malicious Java applet.
Oracle has issued an update - Java 7 Update 11 - that covers this particular CVE and one other.
Customers on Java 7 should update to Java 7 Update 11 as soon as possible.
Please note that not all Axway clients are certified for Java 7, therefore this is not a general recommendation to update to Java 7 from an earlier version, such as Java 6.
In addition to addressing the CVE(s), Java 7 Update 11 also changes the default Java Security Level setting from "Medium" to "High". With the "High" setting, the user is always prompted before any unsigned Java applet or Java Web Start application is run.
This should protect Axway customers from running any unknown and potentially malicious applets.
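The following is an added example, not code from Axway or Oracle, showing how an administrator could turn the guidance above into a check: parse the output of `java -version`, flag a Java 7 browser install below Update 11 as affected by CVE-2013-0422, and report whether the Java Security Level will prompt before unsigned applets run. The sample version strings are constructed for the example, and the `deployment.security.level` key in deployment.properties is assumed to be the setting behind the "Medium"/"High" level described on this page.

```python
import re
import subprocess

# Constructed sample outputs in the shape printed by `java -version`
# (not taken from the page; made up for this example).
SAMPLE_VERSION_OUTPUTS = {
    "java7u10": 'java version "1.7.0_10"\nJava(TM) SE Runtime Environment (build 1.7.0_10-b18)',
    "java7u11": 'java version "1.7.0_11"\nJava(TM) SE Runtime Environment (build 1.7.0_11-b21)',
    "java6u38": 'java version "1.6.0_38"\nJava(TM) SE Runtime Environment (build 1.6.0_38-b05)',
}

# Matches the first line of `java -version`, e.g. java version "1.7.0_10"
VERSION_RE = re.compile(r'(?:java|openjdk) version "1\.(\d+)\.\d+(?:_(\d+))?"')

# Per the page: Java 7 below Update 11, running as a browser plugin, is affected.
FIXED_MAJOR, FIXED_UPDATE = 7, 11


def current_java_version_output():
    """Run `java -version` on this host. Note it prints to stderr, not stdout."""
    result = subprocess.run(["java", "-version"], capture_output=True, text=True)
    return result.stderr or result.stdout


def parse_java_version(output):
    """Return (major, update) from `java -version` output, e.g. (7, 10)."""
    match = VERSION_RE.search(output)
    if not match:
        raise ValueError("unrecognised java -version output")
    major = int(match.group(1))
    update = int(match.group(2)) if match.group(2) else 0
    return major, update


def assess(output, browser_plugin_enabled=True):
    """Classify a JRE against the scope of CVE-2013-0422 given on the page."""
    major, update = parse_java_version(output)
    report = {"version": (major, update), "affected": False}
    if major != FIXED_MAJOR:
        # Current CVE scope is Java 7 only; the page also warns not to treat this
        # as a blanket reason to move Java 6 installs to Java 7.
        report["action"] = "not in scope of CVE-2013-0422; stay on the certified release"
    elif update >= FIXED_UPDATE:
        report["action"] = "already on Java 7 Update 11 or later"
    elif not browser_plugin_enabled:
        # Servers, standalone desktop and embedded Java are out of scope per Oracle.
        report["action"] = "out of scope (no browser applets); update when convenient"
    else:
        report["affected"] = True
        report["action"] = "update to Java 7 Update 11 as soon as possible"
    return report


def unsigned_applets_prompt(deployment_properties_text, version):
    """True when the Java Security Level will prompt before unsigned applets run.

    Assumption (not on the page): the level is stored as deployment.security.level
    in deployment.properties. If the key is absent, the default applies: the page
    states 7u11 changed the default from Medium to High.
    """
    for line in deployment_properties_text.splitlines():
        line = line.strip()
        if line.startswith("deployment.security.level="):
            level = line.split("=", 1)[1].strip().upper()
            return level in ("HIGH", "VERY_HIGH")
    major, update = version
    return (major, update) >= (FIXED_MAJOR, FIXED_UPDATE)


if __name__ == "__main__":
    for name, output in SAMPLE_VERSION_OUTPUTS.items():
        print(name, assess(output))
```

In practice the output of `current_java_version_output()` is fed to `assess`; the sample strings exist only so the check can be exercised offline. A Java 6 host is reported as out of scope rather than told to upgrade, matching the note above that not all Axway clients are certified for Java 7.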