CVE-2013-3009

9 documents, 5 sources

Severity: 9.3 CRITICAL
EPSS: 4.3% (top 11.06%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: (see Affected Packages below)
Timeline:
  Published: Jul 23
  Latest update: May 17

Description

The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to the AccessController doPrivileged block.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C (Exploitability: 8.6 | Impact: 10.0)

Affected Packages (1 package)

NVD: ibm/java (62 versions)

Vulnerability Details (2)

GHSA: GHSA-5wc9-xxxc-29xm: The com (2022-05-17)
CVEList: CVE-2013-3009: The com (2013-07-23)

Vendor Advisories (4)

Red Hat: JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (2016-04-04)
Red Hat: JDK: Unspecified security fixes (July 2013) (2013-07-12)
Red Hat: JDK: Unspecified security fixes (July 2013) (2013-07-12)
Red Hat: JDK: Unspecified security fixes (July 2013) (2013-07-12)

Community (2)

Bugzilla: CVE-2016-0363 IBM JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (2016-04-05)
Bugzilla: CVE-2013-3006 CVE-2013-3007 CVE-2013-3008 CVE-2013-3009 CVE-2013-3010 CVE-2013-3011 CVE-2013-3012 IBM JDK: Unspecified security fixes (July 2013) (2013-07-17)