
CVE-2012-1723

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 16 June 2012
Modified: 21 April 2026
KEV Added: 03 March 2022
Patch
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9408 (99.9th percentile)
Risk Priority: 96 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2012-1723 is a critical-severity Improper Access Control (CWE-284) vulnerability in Oracle JDK. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 0.1% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-18 (Mobile Code) and SI-2 (Flaw Remediation).

Deeper analysis

The unspecified vulnerability CVE-2012-1723 resides in the Hotspot component of the Java Runtime Environment within Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier. It is tracked under CWE-284 and carries a CVSS 3.1 score of 9.8, reflecting impacts to confidentiality, integrity, and availability through unknown vectors.

Remote attackers can exploit the flaw over the network without authentication or user interaction, enabling them to affect the confidentiality, integrity, and availability of affected systems.

Vendor advisories such as Red Hat RHSA-2012-0734, Gentoo GLSA-201406-32, and related OpenJDK and Secunia notices address mitigation through updated Java releases that remediate the Hotspot issue.


Vulnerability details

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

CWE(s): CWE-284 (Improper Access Control)
KEV Date Added: 03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor    Product                         Versions
oracle    jdk                             1.5.0, 1.6.0, 1.7.0 · ≤ 1.4.2_37
oracle    jre                             1.5.0, 1.6.0, 1.7.0 · ≤ 1.4.2_37
redhat    icedtea6                        ≤ 1.10.8 · 1.11.0 to 1.11.3
redhat    enterprise linux desktop        5.0, 6.0
redhat    enterprise linux eus            6.2
redhat    enterprise linux server         5.0, 6.0
redhat    enterprise linux server aus     6.2
redhat    enterprise linux workstation    5.0, 6.0

Mitigating Controls (NIST 800-53 r5)

prevent: SI-2 (Flaw Remediation)
Directly requires timely installation of vendor patches that remediate the Hotspot flaw in affected Java SE releases.

prevent: SC-18 (Mobile Code)
Restricts or disables execution of untrusted Java mobile code that remote attackers use to trigger the Hotspot vulnerability.

prevent / detect
Deploys anti-malware mechanisms that can block or alert on exploit payloads targeting the vulnerable JRE component.
