CVE-2014-3065

CWE-94 — Code Injection5 documents5 sources

Severity

6.9MEDIUM

EPSS

0.1%

top 73.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Java

Timeline

PublishedDec 2

Latest updateMay 17

Description

Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/java46 versions+45

🔴Vulnerability Details

GHSA

GHSA-7f48-7whf-6c52: Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7↗2022-05-17

▶

CVEList

CVE-2014-3065: Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7↗2014-12-02

▶

📋Vendor Advisories

Red Hat

JDK: privilege escalation via shared class cache↗2014-11-10

▶

💬Community

Bugzilla

CVE-2014-3065 IBM JDK: privilege escalation via shared class cache↗2014-11-11

▶