CVE-2014-3068

Name of the Vulnerable Software and Affected Versions IBM Java Runtime Environment (JRE) versions 5.0 through 5.0.16.6 IBM Java Runtime Environment (JRE) versions 6.0 through 6.0.16.0 IBM Java Runtime Environment (JRE) versions 6.1 through 6.1.8.0 IBM Java Runtime Environment (JRE) versions 7.0 through 7.0.7.0 IBM Java Runtime Environment (JRE) versions 7.1 through 7.1.1.0

Description The issue allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack.

Recommendations For IBM Java Runtime Environment (JRE) versions 5.0 through 5.0.16.6, update to version 5.0.16.7 or later. For IBM Java Runtime Environment (JRE) versions 6.0 through 6.0.16.0, update to version 6.0.16.1 or later. For IBM Java Runtime Environment (JRE) versions 6.1 through 6.1.8.0, update to version 6.1.8.1 or later. For IBM Java Runtime Environment (JRE) versions 7.0 through 7.0.7.0, update to version 7.0.7.1 or later. For IBM Java Runtime Environment (JRE) versions 7.1 through 7.1.1.0, update to version 7.1.1.1 or later.