CVE-2014-3068

CWE-2555 documents5 sources
Severity
6.4MEDIUM
EPSS
0.2%
top 54.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Java
Timeline
PublishedDec 2
Latest updateMay 17

Description

IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

NVDibm/java46 versions+45

🔴Vulnerability Details

2
GHSA
GHSA-24mr-4mwr-24fg: IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (72022-05-17
CVEList
CVE-2014-3068: IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (72014-12-02

📋Vendor Advisories

1
Red Hat
JDK: Java CMS keystore provider potentially allows brute-force private key recovery2014-11-14

💬Community

1
Bugzilla
CVE-2014-3068 IBM JDK: Java CMS keystore provider potentially allows brute-force private key recovery2014-11-14
CVE-2014-3068 (MEDIUM CVSS 6.4) | IBM Java Runtime Environment (JRE) | cvebase.io