CVE-2013-3009
published 2013-07-23CVE-2013-3009: The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7…
critical9.3CVSS 3.1
AVNACMAuNCCICAC
The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to the AccessController doPrivileged block.
Affected
90 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | java | — | — |
| ibm | java | — | — |
| ibm | java | — | — |
| ibm | java | — | — |
| ibm | java | — | — |
| ibm | java | — | — |
| ibm | java | — | — |
| ibm | java | — | — |
| ibm | java | — | — |
| ibm | java | — | — |
| ibm | java | — | — |
| ibm | java | — | — |
| ibm | java | — | — |
| ibm | java | — | — |
| ibm | java | — | — |
| ibm | java | — | — |
| ibm | java | — | — |
| ibm | java | — | — |
| ibm | java | — | — |
| ibm | java | — | — |
| ibm | java | — | — |
| ibm | java | — | — |
| ibm | java | — | — |
| ibm | java | — | — |
| ibm | java | — | — |
CVSS provenance
nvd9.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
nvdv3.08.1HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H