Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IBM SDK, Java Technology Edition 安全漏洞
Vulnerability Description
IBM SDK, Java Technology Edition是美国国际商业机器(IBM)公司的一款用于Java应用程序开发的软件开发工具包。 IBM SDK, Java Technology Edition中的com.ibm.rmi.io.SunSerializableFactory类存在安全漏洞,该漏洞源于程序没有正确反序列化AccessController doPrivileged块中的类。远程攻击者可利用该漏洞绕过沙盒保护机制,在系统上执行任意代码。以下版本受到影响:IBM SDK, Java
CVSS Information
N/A
Vulnerability Type
N/A