Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-3068

IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack.

Published

2014-12-02T01:59:02.577

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.4 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

4.9

Weaknesses

Type: Primary
CWE-255

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	java	5.0.0.0	Yes
Application	ibm	java	5.0.11.0	Yes
Application	ibm	java	5.0.11.1	Yes
Application	ibm	java	5.0.11.2	Yes
Application	ibm	java	5.0.12.0	Yes
Application	ibm	java	5.0.12.1	Yes
Application	ibm	java	5.0.12.2	Yes
Application	ibm	java	5.0.12.3	Yes
Application	ibm	java	5.0.12.4	Yes
Application	ibm	java	5.0.12.5	Yes
Application	ibm	java	5.0.13.0	Yes
Application	ibm	java	5.0.14.0	Yes
Application	ibm	java	5.0.15.0	Yes
Application	ibm	java	5.0.16.0	Yes
Application	ibm	java	5.0.16.1	Yes
Application	ibm	java	5.0.16.2	Yes
Application	ibm	java	5.0.16.3	Yes
Application	ibm	java	6.0.0.0	Yes
Application	ibm	java	6.0.1.0	Yes
Application	ibm	java	6.0.2.0	Yes
Application	ibm	java	6.0.3.0	Yes
Application	ibm	java	6.0.4.0	Yes
Application	ibm	java	6.0.5.0	Yes
Application	ibm	java	6.0.6.0	Yes
Application	ibm	java	6.0.7.0	Yes
Application	ibm	java	6.0.8.0	Yes
Application	ibm	java	6.0.8.1	Yes
Application	ibm	java	6.0.9.0	Yes
Application	ibm	java	6.0.9.1	Yes
Application	ibm	java	6.0.9.2	Yes
Application	ibm	java	6.0.10.0	Yes
Application	ibm	java	6.0.10.1	Yes
Application	ibm	java	6.0.11.0	Yes
Application	ibm	java	6.0.12.0	Yes
Application	ibm	java	6.0.13.0	Yes
Application	ibm	java	6.0.13.1	Yes
Application	ibm	java	6.0.13.2	Yes
Application	ibm	java	6.0.14.0	Yes
Application	ibm	java	7.0.0.0	Yes
Application	ibm	java	7.0.1.0	Yes
Application	ibm	java	7.0.2.0	Yes
Application	ibm	java	7.0.3.0	Yes
Application	ibm	java	7.0.4.0	Yes
Application	ibm	java	7.0.4.1	Yes
Application	ibm	java	7.0.4.2	Yes
Application	ibm	java	7.0.5.0	Yes

References

http://rhn.redhat.com/errata/RHSA-2015-0264.html ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg1IV66876 Vendor Advisory ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg1IV66894 Vendor Advisory ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg21691089 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1164201 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/93756 ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-0264.html (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg1IV66876 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg1IV66894 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg21691089 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1164201 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/93756 (af854a3a-2127-422b-91ae-364da2661108)