CVE-2013-5456

9 documents5 sources

Severity

9.3CRITICAL

EPSS

1.8%

top 17.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Java

Timeline

PublishedNov 24

Latest updateMay 17

Description

The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/java7.0.0.0

🔴Vulnerability Details

GHSA

GHSA-qp4m-8934-3g25: The com↗2022-05-17

▶

CVEList

CVE-2013-5456: The com↗2013-11-24

▶

📋Vendor Advisories

Red Hat

JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix↗2016-04-14

▶

Red Hat

JDK: unspecified sandbox bypass (ORB)↗2013-11-05

▶

💬Community

Bugzilla

CVE-2016-0376 IBM JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix↗2016-04-27

▶

Bugzilla

CVE-2013-5456 IBM JDK: unspecified sandbox bypass (ORB)↗2013-11-07

▶

Bugzilla

CVE-2013-5458 IBM JDK: unspecified sandbox bypass (XML)↗2013-11-07

▶

Bugzilla

CVE-2013-5457 IBM JDK: unspecified sandbox bypass (ORB)↗2013-11-07

▶