CVE-2016-0363
published 2016-06-03CVE-2016-0363: The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9…
high8.1CVSS 3.0
AVNACHPRNUINSUCHIHAH
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | java_sdk | >= 6.0.0.0 < 6.0.16.25 | 6.0.16.25 |
| ibm | java_sdk | >= 6.1.0.0 < 6.1.8.25 | 6.1.8.25 |
| ibm | java_sdk | >= 7.0.0.0 < 7.0.9.40 | 7.0.9.40 |
| ibm | java_sdk | >= 7.1.0.0 < 7.1.3.40 | 7.1.3.40 |
| ibm | java_sdk | >= 8.0.0.0 < 8.0.3.0 | 8.0.3.0 |
| novell | suse_linux_enterprise_module_for_legacy_software | — | — |
| novell | suse_linux_enterprise_server | — | — |
| novell | suse_linux_enterprise_server | — | — |
| novell | suse_linux_enterprise_software_development_kit | — | — |
| novell | suse_linux_enterprise_software_development_kit | — | — |
| novell | suse_manager | — | — |
| novell | suse_manager_proxy | — | — |
| novell | suse_openstack_cloud | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_hpc_node_supplementary | — | — |
| redhat | enterprise_linux_hpc_node_supplementary | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_workstation | — | — |