VDB
CVE-2016-0363
CVE-2016-0363
PUBLISHED
Reported by ibm · Published June 3, 2016
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a |
Timeline
- Jun 3, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
References
- x_refsource_CONFIRM
- 85895 vdb-entryx_refsource_BID
- SUSE-SU-2016:1299 vendor-advisoryx_refsource_SUSE
- RHSA-2016:1039 vendor-advisoryx_refsource_REDHAT
- RHSA-2016:0701 vendor-advisoryx_refsource_REDHAT
- SUSE-SU-2016:1303 vendor-advisoryx_refsource_SUSE
- SUSE-SU-2016:1475 vendor-advisoryx_refsource_SUSE
- SUSE-SU-2016:1300 vendor-advisoryx_refsource_SUSE
- RHSA-2016:1430 vendor-advisoryx_refsource_REDHAT
- x_refsource_MISC
- RHSA-2016:0708 vendor-advisoryx_refsource_REDHAT
- SUSE-SU-2016:1378 vendor-advisoryx_refsource_SUSE
- SUSE-SU-2016:1379 vendor-advisoryx_refsource_SUSE
- 20160405 Re: [SE-2012-01] Broken security fix in IBM Java 7/8 mailing-listx_refsource_FULLDISC
- SUSE-SU-2016:1458 vendor-advisoryx_refsource_SUSE
- RHSA-2016:0716 vendor-advisoryx_refsource_REDHAT
- 1035953 vdb-entryx_refsource_SECTRACK
- 20160404 [SE-2012-01] Broken security fix in IBM Java 7/8 mailing-listx_refsource_FULLDISC
- SUSE-SU-2016:1388 vendor-advisoryx_refsource_SUSE
- RHSA-2016:0702 vendor-advisoryx_refsource_REDHAT
…and 2 more