CVE-2014-3065

JDK: privilege escalation via shared class cache

Severity Score

6.9

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache.

Vulnerabilidad no especificada en IBM Java Runtime Environment (JRE) 7 R1 anterior a SR2 (7.1.2.0), 7 anterior a SR8 (7.0.8.0), 6 R1 anterior a SR8 FP2 (6.1.8.2), 6 anterior a SR16 FP2 (6.0.16.2), y anterior a SR16 FP8 (5.0.16.8) permite a usuarios locales ejecutar código arbitrario a través de vectores relacionados con el caché de clases compartidas.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

Attack Vector

Local

Attack Complexity

High

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-04-29 CVE Reserved
2014-11-20 CVE Published
2023-03-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-94: Improper Control of Generation of Code ('Code Injection')

CAPEC

References (18)

URL	Tag	Source
http://www.securityfocus.com/bid/71147	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html	2015-03-18
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html	2015-03-18
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html	2015-03-18
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html	2015-03-18
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html	2015-03-18
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html	2015-03-18
http://rhn.redhat.com/errata/RHSA-2014-1876.html	2015-03-18
http://rhn.redhat.com/errata/RHSA-2014-1877.html	2015-03-18
http://rhn.redhat.com/errata/RHSA-2014-1880.html	2015-03-18
http://rhn.redhat.com/errata/RHSA-2014-1881.html	2015-03-18
http://rhn.redhat.com/errata/RHSA-2014-1882.html	2015-03-18
http://rhn.redhat.com/errata/RHSA-2015-0264.html	2015-03-18
http://www-01.ibm.com/support/docview.wss?uid=swg1IV66044	2015-03-18
http://www-01.ibm.com/support/docview.wss?uid=swg1IV66045	2015-03-18
http://www-01.ibm.com/support/docview.wss?uid=swg21688283	2015-03-18
https://bugzilla.redhat.com/show_bug.cgi?id=1162554	2015-02-24
https://access.redhat.com/security/cve/CVE-2014-3065	2015-02-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.0.0 Search vendor "Ibm" for product "Java" and version "5.0.0.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.11.0 Search vendor "Ibm" for product "Java" and version "5.0.11.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.11.1 Search vendor "Ibm" for product "Java" and version "5.0.11.1"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.11.2 Search vendor "Ibm" for product "Java" and version "5.0.11.2"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.12.0 Search vendor "Ibm" for product "Java" and version "5.0.12.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.12.1 Search vendor "Ibm" for product "Java" and version "5.0.12.1"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.12.2 Search vendor "Ibm" for product "Java" and version "5.0.12.2"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.12.3 Search vendor "Ibm" for product "Java" and version "5.0.12.3"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.12.4 Search vendor "Ibm" for product "Java" and version "5.0.12.4"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.12.5 Search vendor "Ibm" for product "Java" and version "5.0.12.5"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.13.0 Search vendor "Ibm" for product "Java" and version "5.0.13.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.14.0 Search vendor "Ibm" for product "Java" and version "5.0.14.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.15.0 Search vendor "Ibm" for product "Java" and version "5.0.15.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.16.0 Search vendor "Ibm" for product "Java" and version "5.0.16.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.16.1 Search vendor "Ibm" for product "Java" and version "5.0.16.1"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.16.2 Search vendor "Ibm" for product "Java" and version "5.0.16.2"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.16.3 Search vendor "Ibm" for product "Java" and version "5.0.16.3"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.0.0 Search vendor "Ibm" for product "Java" and version "6.0.0.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.1.0 Search vendor "Ibm" for product "Java" and version "6.0.1.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.2.0 Search vendor "Ibm" for product "Java" and version "6.0.2.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.3.0 Search vendor "Ibm" for product "Java" and version "6.0.3.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.4.0 Search vendor "Ibm" for product "Java" and version "6.0.4.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.5.0 Search vendor "Ibm" for product "Java" and version "6.0.5.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.6.0 Search vendor "Ibm" for product "Java" and version "6.0.6.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.7.0 Search vendor "Ibm" for product "Java" and version "6.0.7.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.8.0 Search vendor "Ibm" for product "Java" and version "6.0.8.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.8.1 Search vendor "Ibm" for product "Java" and version "6.0.8.1"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.9.0 Search vendor "Ibm" for product "Java" and version "6.0.9.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.9.1 Search vendor "Ibm" for product "Java" and version "6.0.9.1"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.9.2 Search vendor "Ibm" for product "Java" and version "6.0.9.2"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.10.0 Search vendor "Ibm" for product "Java" and version "6.0.10.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.10.1 Search vendor "Ibm" for product "Java" and version "6.0.10.1"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.11.0 Search vendor "Ibm" for product "Java" and version "6.0.11.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.12.0 Search vendor "Ibm" for product "Java" and version "6.0.12.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.13.0 Search vendor "Ibm" for product "Java" and version "6.0.13.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.13.1 Search vendor "Ibm" for product "Java" and version "6.0.13.1"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.13.2 Search vendor "Ibm" for product "Java" and version "6.0.13.2"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.14.0 Search vendor "Ibm" for product "Java" and version "6.0.14.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				7.0.0.0 Search vendor "Ibm" for product "Java" and version "7.0.0.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				7.0.1.0 Search vendor "Ibm" for product "Java" and version "7.0.1.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				7.0.2.0 Search vendor "Ibm" for product "Java" and version "7.0.2.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				7.0.3.0 Search vendor "Ibm" for product "Java" and version "7.0.3.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				7.0.4.0 Search vendor "Ibm" for product "Java" and version "7.0.4.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				7.0.4.1 Search vendor "Ibm" for product "Java" and version "7.0.4.1"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				7.0.4.2 Search vendor "Ibm" for product "Java" and version "7.0.4.2"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				7.0.5.0 Search vendor "Ibm" for product "Java" and version "7.0.5.0"		-		Affected