CVE-2016-0363

Published: Jun 3, 2016

Modified: Aug 5, 2024

PUBLISHED

Description

The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.

Vendor: n/a
Product: n/a
Versions: affected n/a

References

85895 | vdb-entry | x_refsource_BID
SUSE-SU-2016:1299 | vendor-advisory | x_refsource_SUSE
RHSA-2016:1039 | vendor-advisory | x_refsource_REDHAT
RHSA-2016:0701 | vendor-advisory | x_refsource_REDHAT
SUSE-SU-2016:1303 | vendor-advisory | x_refsource_SUSE
SUSE-SU-2016:1475 | vendor-advisory | x_refsource_SUSE
SUSE-SU-2016:1300 | vendor-advisory | x_refsource_SUSE
RHSA-2016:1430 | vendor-advisory | x_refsource_REDHAT
RHSA-2016:0708 | vendor-advisory | x_refsource_REDHAT
SUSE-SU-2016:1378 | vendor-advisory | x_refsource_SUSE
SUSE-SU-2016:1379 | vendor-advisory | x_refsource_SUSE
SUSE-SU-2016:1458 | vendor-advisory | x_refsource_SUSE
RHSA-2016:0716 | vendor-advisory | x_refsource_REDHAT
1035953 | vdb-entry | x_refsource_SECTRACK
SUSE-SU-2016:1388 | vendor-advisory | x_refsource_SUSE
RHSA-2016:0702 | vendor-advisory | x_refsource_REDHAT
RHSA-2017:1216 | vendor-advisory | x_refsource_REDHAT
IX90172 | vendor-advisory | x_refsource_AIXAPAR
