CVE-2014-3086 — Incorrect Privilege Assignment in IBM Websphere Real Time

CWE-266 — Incorrect Privilege Assignment5 documents5 sources

Severity

7.5HIGHNVD

EPSS

2.9%

top 13.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Lotus Domino IBM Lotus Notes IBM Websphere Real Time

Timeline

PublishedAug 12

Latest updateMay 17

Description

Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDibm/websphere_real_time3.0

▶NVDibm/lotus_notes8.5.3.0, 9.0.1.0+1

▶NVDibm/lotus_domino8.5.3.0, 9.0.1.0+1

🔴Vulnerability Details

GHSA

GHSA-69wm-fwm5-f2r8: Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allow↗2022-05-17

▶

CVEList

CVE-2014-3086: Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allow↗2014-08-12

▶

📋Vendor Advisories

Red Hat

JDK: Privilege escalation issue↗2014-07-31

▶

💬Community

Bugzilla

CVE-2014-3086 IBM JDK: Privilege escalation issue↗2016-04-06

▶