Vulnerability Database

CVE-2016-0363

The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.

  • Published: Jun 3, 2016
  • Updated: Apr 13, 2023
  • CVE: CVE-2016-0363
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.1
  • AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

| Software | From | Fixed in |
|---|---|---|
| redhat / enterprise_linux_desktop | 7.0 | 7.0.x |
| redhat / enterprise_linux_workstation | 7.0 | 7.0.x |
| redhat / satellite | 5.7 | 5.7.x |
| redhat / enterprise_linux_hpc_node_supplementary | 6.0 | 6.0.x |
| redhat / enterprise_linux_server | 7.0 | 7.0.x |
| redhat / enterprise_linux_server_eus | 7.2 | 7.2.x |
| redhat / enterprise_linux_desktop | 6.0 | 6.0.x |
| redhat / enterprise_linux_server | 6.0 | 6.0.x |
| redhat / enterprise_linux_workstation | 6.0 | 6.0.x |
| redhat / enterprise_linux_hpc_node_supplementary | 7.0 | 7.0.x |
| redhat / enterprise_linux_server_eus | 7.3 | 7.3.x |
| redhat / enterprise_linux_server_eus | 7.4 | 7.4.x |
| redhat / enterprise_linux_server_eus | 7.5 | 7.5.x |
| redhat / satellite | 5.6 | 5.6.x |
| redhat / enterprise_linux_server_eus | 6.7 | 6.7.x |
| novell / suse_manager | 2.1 | 2.1.x |
| novell / suse_linux_enterprise_server | 11.0-sp4 | 11.0-sp4.x |
| novell / suse_manager_proxy | 2.1 | 2.1.x |
| novell / suse_linux_enterprise_server | 12.0 | 12.0.x |
| novell / suse_linux_enterprise_module_for_legacy_software | 12 | 12.x |
| novell / suse_linux_enterprise_server | 12.0-sp1 | 12.0-sp1.x |
| novell / suse_linux_enterprise_server | 11.0-sp2 | 11.0-sp2.x |
| novell / suse_linux_enterprise_server | 11.0-sp3 | 11.0-sp3.x |
| novell / suse_linux_enterprise_software_development_kit | 12.0-sp1 | 12.0-sp1.x |
| novell / suse_linux_enterprise_software_development_kit | 12.0 | 12.0.x |
| novell / suse_openstack_cloud | 5 | 5.x |
| novell / suse_linux_enterprise_software_development_kit | 11.0-sp4 | 11.0-sp4.x |
| ibm / java_sdk | 6.0.0.0 | 6.0.16.25 |
| ibm / java_sdk | 6.1.0.0 | 6.1.8.25 |
| ibm / java_sdk | 7.0.0.0 | 7.0.9.40 |
| ibm / java_sdk | 7.1.0.0 | 7.1.3.40 |
| ibm / java_sdk | 8.0.0.0 | 8.0.3.0 |