Rapid7 Vulnerability & Exploit Database

IBM WebSphere Application Server: CVE-2014-3068: IBM Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server July 2014 CPU

Back to Search

IBM WebSphere Application Server: CVE-2014-3068: IBM Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server July 2014 CPU

Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
12/01/2014
Created
07/25/2018
Added
04/27/2018
Modified
04/27/2018

Description

IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack.

Solution(s)

  • ibm-was-install-6-1-0-0-pi20800
  • ibm-was-install-7-0-0-0-pi20799
  • ibm-was-install-8-0-0-0-pi20798
  • ibm-was-install-8-5-0-0-pi20795
  • ibm-was-install-8-5-0-0-pi20796
  • ibm-was-install-8-5-0-0-pi20797
  • ibm-was-upgrade-7-0-0-0-7-0-0-35
  • ibm-was-upgrade-8-0-0-0-8-0-0-10
  • ibm-was-upgrade-8-5-0-0-8-5-5-4

References

  • ibm-was-install-6-1-0-0-pi20800
  • ibm-was-install-7-0-0-0-pi20799
  • ibm-was-install-8-0-0-0-pi20798
  • ibm-was-install-8-5-0-0-pi20795
  • ibm-was-install-8-5-0-0-pi20796
  • ibm-was-install-8-5-0-0-pi20797
  • ibm-was-upgrade-7-0-0-0-7-0-0-35
  • ibm-was-upgrade-8-0-0-0-8-0-0-10
  • ibm-was-upgrade-8-5-0-0-8-5-5-4

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;