CVE-2013-3009

Published: 23/07/2013 Updated: 29/11/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 prior to 1.4.2 SR13-FP18, 5.0 prior to 5.0 SR16-FP3, 6 prior to 6 SR14, 6.0.1 prior to 6.0.1 SR6, and 7 prior to 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote malicious users to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to the AccessController doPrivileged block.

Vulnerable Product

ibm java 1.4.2.13.16

ibm java 1.4.2.13.15

ibm java 1.4.2.13.11

ibm java 1.4.2.13.9

ibm java 1.4.2

ibm java 1.4.2.13.6

ibm java 1.4.2.13.13

ibm java 1.4.2.13.8

ibm java 1.4.2.13.2

ibm java 1.4.2.13.3

ibm java 1.4.2.13.17

ibm java 1.4.2.13.7

ibm java 1.4.2.13.10

ibm java 1.4.2.13.4

ibm java 1.4.2.13.5

ibm java 1.4.2.13.14

ibm java 1.4.2.13.12

ibm java 1.4.2.13

ibm java 1.4.2.13.1

ibm java 7.0.4.2

ibm java 7.0.2.0

ibm java 7.0.3.0

ibm java 7.0.4.0

ibm java 7.0.4.1

ibm java 7.0.0.0

ibm java 7.0.1.0

ibm java 6.0.3.0

ibm java 6.0.4.0

ibm java 6.0.5.0

ibm java 6.0.10.0

ibm java 6.0.9.2

ibm java 6.0.10.1

ibm java 6.0.0.0

ibm java 6.0.8.1

ibm java 6.0.8.0

ibm java 6.0.13.2

ibm java 6.0.12.0

ibm java 6.0.2.0

ibm java 6.0.9.1

ibm java 6.0.9.0

ibm java 6.0.1.0

ibm java 6.0.11.0

ibm java 6.0.7.0

ibm java 6.0.6.0

ibm java 6.0.13.0

ibm java 6.0.13.1

ibm java 5.0.11.1

ibm java 5.0.0.0

ibm java 5.0.13.0

ibm java 5.0.16.2

ibm java 5.0.12.1

ibm java 5.0.12.2

ibm java 5.0.11.0

ibm java 5.0.14.0

ibm java 5.0.15.0

ibm java 5.0.12.3

ibm java 5.0.12.4

ibm java 5.0.12.5

ibm java 5.0.11.2

ibm java 5.0.12.0

ibm java 5.0.16.1

ibm java 5.0.16.0

Vendor Advisories

Synopsis: Moderate: java-1.7.1-ibm security update. Type/Severity: Security Advisory: Moderate. Topic: An update for java-1.7.1-ibm is now available for Red Hat Satellite 5.7 and Red Hat Satellite 5.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Sc ...

The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via ...