CVE-2012-1723
Published: 16 June 2012
Summary
CVE-2012-1723 is a critical-severity Improper Access Control (CWE-284) vulnerability in Oracle JDK. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 0.1% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-18 (Mobile Code) and SI-2 (Flaw Remediation).
Deeper analysis
The unspecified vulnerability CVE-2012-1723 resides in the Hotspot component of the Java Runtime Environment within Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier. It is tracked under CWE-284 and carries a CVSS 3.1 score of 9.8, reflecting impacts to confidentiality, integrity, and availability through unknown vectors.
Remote attackers can exploit the flaw over the network without authentication or user interaction, enabling them to affect the confidentiality, integrity, and availability of affected systems.
Vendor advisories such as Red Hat RHSA-2012-0734, Gentoo GLSA-201406-32, and related OpenJDK and Secunia notices address mitigation through updated Java releases that remediate the Hotspot issue.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2012-1733
Vulnerability details
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
- CWE(s): CWE-284
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly requires timely installation of vendor patches that remediate the Hotspot flaw in affected Java SE releases.
Restricts or disables execution of untrusted Java mobile code that remote attackers use to trigger the Hotspot vulnerability.
Deploys anti-malware mechanisms that can block or alert on exploit payloads targeting the vulnerable JRE component.