Cisco Security Advisory Cisco Jabber STARTTLS Downgrade Vulnerability Medium Advisory ID: cisco-sa-20151224-jab First Published: 2015 December 24 18:30 GMT Version 2.1: Final Workarounds: No workarounds available. Vulnerability exists because the client does not verify that an Extensible Messaging and Presence Protocol (XMPP) connection has been established with Transport Layer Security (TLS) An attacker could exploit this vulnerability by performing a man-in-the-middle attack to tamper with the XMPP connection.”]
Source: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151224-jab