CVE-2012-1723
Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
Confirmed exploited in the wild. Added 2022-03-03.
Federal remediation due 2022-03-24.
Required action: Apply updates per vendor instructions.
Summary
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
CVSS 3.1 breakdown
| Metric | Value |
| --- | --- |
| Base score | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
References
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html
- http://marc.info/?l=bugtraq&m=134496371727681&w=2
- http://rhn.redhat.com/errata/RHSA-2012-0734.html
- http://secunia.com/advisories/51080
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- http://www.ibm.com/support/docview.wss?uid=swg21615246
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:095
- http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html
- http://www.securityfocus.com/bid/53960
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16259
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-1723
Data: NIST NVD + CISA KEV. NVD last modified 2026-04-21. Always verify against the vendor advisory before acting.