9.3

CVE-2013-3009

The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to the AccessController doPrivileged block.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmJava Version1.4.2
IbmJava Version1.4.2.13
IbmJava Version1.4.2.13.1
IbmJava Version1.4.2.13.2
IbmJava Version1.4.2.13.3
IbmJava Version1.4.2.13.4
IbmJava Version1.4.2.13.5
IbmJava Version1.4.2.13.6
IbmJava Version1.4.2.13.7
IbmJava Version1.4.2.13.8
IbmJava Version1.4.2.13.9
IbmJava Version1.4.2.13.10
IbmJava Version1.4.2.13.11
IbmJava Version1.4.2.13.12
IbmJava Version1.4.2.13.13
IbmJava Version1.4.2.13.14
IbmJava Version1.4.2.13.15
IbmJava Version1.4.2.13.16
IbmJava Version1.4.2.13.17
IbmJava Version7.0.0.0
IbmJava Version7.0.1.0
IbmJava Version7.0.2.0
IbmJava Version7.0.3.0
IbmJava Version7.0.4.0
IbmJava Version7.0.4.1
IbmJava Version7.0.4.2
IbmJava Version6.0.0.0
IbmJava Version6.0.1.0
IbmJava Version6.0.2.0
IbmJava Version6.0.3.0
IbmJava Version6.0.4.0
IbmJava Version6.0.5.0
IbmJava Version6.0.6.0
IbmJava Version6.0.7.0
IbmJava Version6.0.8.0
IbmJava Version6.0.8.1
IbmJava Version6.0.9.0
IbmJava Version6.0.9.1
IbmJava Version6.0.9.2
IbmJava Version6.0.10.0
IbmJava Version6.0.10.1
IbmJava Version6.0.11.0
IbmJava Version6.0.12.0
IbmJava Version6.0.13.0
IbmJava Version6.0.13.1
IbmJava Version6.0.13.2
IbmJava Version5.0.0.0
IbmJava Version5.0.11.0
IbmJava Version5.0.11.1
IbmJava Version5.0.11.2
IbmJava Version5.0.12.0
IbmJava Version5.0.12.1
IbmJava Version5.0.12.2
IbmJava Version5.0.12.3
IbmJava Version5.0.12.4
IbmJava Version5.0.12.5
IbmJava Version5.0.13.0
IbmJava Version5.0.14.0
IbmJava Version5.0.15.0
IbmJava Version5.0.16.0
IbmJava Version5.0.16.1
IbmJava Version5.0.16.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.38% 0.9
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www-01.ibm.com/support/docview.wss?uid=swg21644197
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
http://rhn.redhat.com/errata/RHSA-2013-1059.html
http://rhn.redhat.com/errata/RHSA-2013-1060.html
http://rhn.redhat.com/errata/RHSA-2013-1081.html
http://secunia.com/advisories/54154
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21642336
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013
Vendor Advisory
http://seclists.org/fulldisclosure/2016/Apr/20
http://seclists.org/fulldisclosure/2016/Apr/3
http://www-01.ibm.com/support/docview.wss?uid=swg1IV44792
http://www-01.ibm.com/support/docview.wss?uid=swg1IX90118
http://www-01.ibm.com/support/docview.wss?uid=swg1PM91727
http://www.security-explorations.com/materials/SE-2012-01-IBM-2.pdf
http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/84150