Lucene search

[email protected]NVD:CVE-2013-3009

HistoryJul 23, 2013 - 11:03 a.m.

CVE-2013-3009

2013-07-2311:03:19

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

5.8 Medium

AI Score

Confidence

High

0.032 Low

EPSS

Percentile

91.2%

JSON

The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to the AccessController doPrivileged block.

Affected configurations

NVD

Node

ibmjavaMatch1.4.2

ibmjavaMatch1.4.2.13

ibmjavaMatch1.4.2.13.1

ibmjavaMatch1.4.2.13.2

ibmjavaMatch1.4.2.13.3

ibmjavaMatch1.4.2.13.4

ibmjavaMatch1.4.2.13.5

ibmjavaMatch1.4.2.13.6

ibmjavaMatch1.4.2.13.7

ibmjavaMatch1.4.2.13.8

ibmjavaMatch1.4.2.13.9

ibmjavaMatch1.4.2.13.10

ibmjavaMatch1.4.2.13.11

ibmjavaMatch1.4.2.13.12

ibmjavaMatch1.4.2.13.13

ibmjavaMatch1.4.2.13.14

ibmjavaMatch1.4.2.13.15

ibmjavaMatch1.4.2.13.16

ibmjavaMatch1.4.2.13.17

Node

ibmjavaMatch7.0.0.0

ibmjavaMatch7.0.1.0

ibmjavaMatch7.0.2.0

ibmjavaMatch7.0.3.0

ibmjavaMatch7.0.4.0

ibmjavaMatch7.0.4.1

ibmjavaMatch7.0.4.2

Node

ibmjavaMatch6.0.0.0

ibmjavaMatch6.0.1.0

ibmjavaMatch6.0.2.0

ibmjavaMatch6.0.3.0

ibmjavaMatch6.0.4.0

ibmjavaMatch6.0.5.0

ibmjavaMatch6.0.6.0

ibmjavaMatch6.0.7.0

ibmjavaMatch6.0.8.0

ibmjavaMatch6.0.8.1

ibmjavaMatch6.0.9.0

ibmjavaMatch6.0.9.1

ibmjavaMatch6.0.9.2

ibmjavaMatch6.0.10.0

ibmjavaMatch6.0.10.1

ibmjavaMatch6.0.11.0

ibmjavaMatch6.0.12.0

ibmjavaMatch6.0.13.0

ibmjavaMatch6.0.13.1

ibmjavaMatch6.0.13.2

Node

ibmjavaMatch5.0.0.0

ibmjavaMatch5.0.11.0

ibmjavaMatch5.0.11.1

ibmjavaMatch5.0.11.2

ibmjavaMatch5.0.12.0

ibmjavaMatch5.0.12.1

ibmjavaMatch5.0.12.2

ibmjavaMatch5.0.12.3

ibmjavaMatch5.0.12.4

ibmjavaMatch5.0.12.5

ibmjavaMatch5.0.13.0

ibmjavaMatch5.0.14.0

ibmjavaMatch5.0.15.0

ibmjavaMatch5.0.16.0

ibmjavaMatch5.0.16.1

ibmjavaMatch5.0.16.2

References

lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html

lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html

lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html

rhn.redhat.com/errata/RHSA-2013-1059.html

rhn.redhat.com/errata/RHSA-2013-1060.html

rhn.redhat.com/errata/RHSA-2013-1081.html

seclists.org/fulldisclosure/2016/Apr/20

seclists.org/fulldisclosure/2016/Apr/3

secunia.com/advisories/54154

www-01.ibm.com/support/docview.wss?uid=swg1IV44792

www-01.ibm.com/support/docview.wss?uid=swg1IX90118

www-01.ibm.com/support/docview.wss?uid=swg1PM91727

www-01.ibm.com/support/docview.wss?uid=swg21642336

www-01.ibm.com/support/docview.wss?uid=swg21644197

www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013

www.security-explorations.com/materials/SE-2012-01-IBM-2.pdf

www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/84150

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

5.8 Medium

AI Score

Confidence

High

0.032 Low

EPSS

Percentile

91.2%

JSON

Related for NVD:CVE-2013-3009

prion4 cvelist4 cve4 ibm43 nvd3 nessus23 suse17 openvas17 aix1 redhat3 veracode1