Vulnerability Description
IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Java | 5.0.0.0 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2015-0264.html
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV66876 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV66894 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21691089 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1164201
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93756
FAQ
What is CVE-2014-3068?
CVE-2014-3068 is a vulnerability with a CVSS score of 6.4 (MEDIUM). IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows att...
How severe is CVE-2014-3068?
CVE-2014-3068 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-3068?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Java.