CVE-2013-5456: The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute…

critical9.3CVSS 3.1

AVNACMAuNCCICAC

The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block.

Affected

31 ranges· showing 25

Vendor	Product	Version range	Fixed in
ibm	java	—	—
ibm	java_sdk	>= 6.0.0.0 < 6.0.16.25	6.0.16.25
ibm	java_sdk	>= 6.1.0.0 < 6.1.8.25	6.1.8.25
ibm	java_sdk	>= 7.0.0.0 < 7.0.9.40	7.0.9.40
ibm	java_sdk	>= 7.1.0.0 < 7.1.3.40	7.1.3.40
ibm	java_sdk	>= 8.0.0.0 < 8.0.3.0	8.0.3.0
novell	suse_linux_enterprise_module_for_legacy_software	—	—
novell	suse_linux_enterprise_server	—	—
novell	suse_linux_enterprise_server	—	—
novell	suse_linux_enterprise_software_development_kit	—	—
novell	suse_linux_enterprise_software_development_kit	—	—
novell	suse_manager	—	—
novell	suse_manager_proxy	—	—
novell	suse_openstack_cloud	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_hpc_node_supplementary	—	—
redhat	enterprise_linux_hpc_node_supplementary	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—

CVSS provenance

nvd9.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C

nvdv3.08.1HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H