CVE-2014-3068

JDK: Java CMS keystore provider potentially allows brute-force private key recovery

Severity Score

9.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack.

IBM Java Runtime Environment (JRE) 7 R1 anterior a SR1 FP1 (7.1.1.1), 7 anterior a SR7 FP1 (7.0.7.1), 6 R1 anterior a SR8 FP1 (6.1.8.1), 6 anterior a SR16 FP1 (6.0.16.1), y anterior a 5.0 SR16 FP7 (5.0.16.7) permite a atacantes obtener la clave privada de un almacén de claves del sistema de gestión de certificados 'Certificate Management System (CMS)' a través de un ataque de fuerza bruta.

This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

Attack Vector

Local

Attack Complexity

High

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-04-29 CVE Reserved
2014-12-02 CVE Published
2024-08-06 CVE Updated
2025-04-05 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-255: Credentials Management Errors

CAPEC

References (7)

URL	Tag	Source
https://exchange.xforce.ibmcloud.com/vulnerabilities/93756	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2015-0264.html	2017-08-29
http://www-01.ibm.com/support/docview.wss?uid=swg1IV66876	2017-08-29
http://www-01.ibm.com/support/docview.wss?uid=swg1IV66894	2017-08-29
http://www-01.ibm.com/support/docview.wss?uid=swg21691089	2017-08-29
https://bugzilla.redhat.com/show_bug.cgi?id=1164201	2015-02-24
https://access.redhat.com/security/cve/CVE-2014-3068	2015-02-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.0.0 Search vendor "Ibm" for product "Java" and version "5.0.0.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.11.0 Search vendor "Ibm" for product "Java" and version "5.0.11.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.11.1 Search vendor "Ibm" for product "Java" and version "5.0.11.1"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.11.2 Search vendor "Ibm" for product "Java" and version "5.0.11.2"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.12.0 Search vendor "Ibm" for product "Java" and version "5.0.12.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.12.1 Search vendor "Ibm" for product "Java" and version "5.0.12.1"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.12.2 Search vendor "Ibm" for product "Java" and version "5.0.12.2"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.12.3 Search vendor "Ibm" for product "Java" and version "5.0.12.3"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.12.4 Search vendor "Ibm" for product "Java" and version "5.0.12.4"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.12.5 Search vendor "Ibm" for product "Java" and version "5.0.12.5"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.13.0 Search vendor "Ibm" for product "Java" and version "5.0.13.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.14.0 Search vendor "Ibm" for product "Java" and version "5.0.14.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.15.0 Search vendor "Ibm" for product "Java" and version "5.0.15.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.16.0 Search vendor "Ibm" for product "Java" and version "5.0.16.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.16.1 Search vendor "Ibm" for product "Java" and version "5.0.16.1"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.16.2 Search vendor "Ibm" for product "Java" and version "5.0.16.2"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				5.0.16.3 Search vendor "Ibm" for product "Java" and version "5.0.16.3"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.0.0 Search vendor "Ibm" for product "Java" and version "6.0.0.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.1.0 Search vendor "Ibm" for product "Java" and version "6.0.1.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.2.0 Search vendor "Ibm" for product "Java" and version "6.0.2.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.3.0 Search vendor "Ibm" for product "Java" and version "6.0.3.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.4.0 Search vendor "Ibm" for product "Java" and version "6.0.4.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.5.0 Search vendor "Ibm" for product "Java" and version "6.0.5.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.6.0 Search vendor "Ibm" for product "Java" and version "6.0.6.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.7.0 Search vendor "Ibm" for product "Java" and version "6.0.7.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.8.0 Search vendor "Ibm" for product "Java" and version "6.0.8.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.8.1 Search vendor "Ibm" for product "Java" and version "6.0.8.1"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.9.0 Search vendor "Ibm" for product "Java" and version "6.0.9.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.9.1 Search vendor "Ibm" for product "Java" and version "6.0.9.1"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.9.2 Search vendor "Ibm" for product "Java" and version "6.0.9.2"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.10.0 Search vendor "Ibm" for product "Java" and version "6.0.10.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.10.1 Search vendor "Ibm" for product "Java" and version "6.0.10.1"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.11.0 Search vendor "Ibm" for product "Java" and version "6.0.11.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.12.0 Search vendor "Ibm" for product "Java" and version "6.0.12.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.13.0 Search vendor "Ibm" for product "Java" and version "6.0.13.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.13.1 Search vendor "Ibm" for product "Java" and version "6.0.13.1"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.13.2 Search vendor "Ibm" for product "Java" and version "6.0.13.2"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				6.0.14.0 Search vendor "Ibm" for product "Java" and version "6.0.14.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				7.0.0.0 Search vendor "Ibm" for product "Java" and version "7.0.0.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				7.0.1.0 Search vendor "Ibm" for product "Java" and version "7.0.1.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				7.0.2.0 Search vendor "Ibm" for product "Java" and version "7.0.2.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				7.0.3.0 Search vendor "Ibm" for product "Java" and version "7.0.3.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				7.0.4.0 Search vendor "Ibm" for product "Java" and version "7.0.4.0"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				7.0.4.1 Search vendor "Ibm" for product "Java" and version "7.0.4.1"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				7.0.4.2 Search vendor "Ibm" for product "Java" and version "7.0.4.2"		-		Affected
Ibm Search vendor "Ibm"		Java Search vendor "Ibm" for product "Java"				7.0.5.0 Search vendor "Ibm" for product "Java" and version "7.0.5.0"		-		Affected