- Vulnerability/
- REDHAT-BUG-1027760
REDHAT-BUG-1027760
First published: Thu Nov 07 2013(Updated: )
An unspecified Java sandbox bypass issue in the ORB component was fixed in IBM JDK 7 SR6 and 6 SR15. This issue got the following CVSSv2 score upstream: 9.3/AV:N/AC:M/Au:N/C:C/I:C/A:C <a href="https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013">https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013</a> <a href="https://www.ibm.com/developerworks/java/jdk/aix/j732/Java7.fixes.html#SR6">https://www.ibm.com/developerworks/java/jdk/aix/j732/Java7.fixes.html#SR6</a> <a href="https://www.ibm.com/developerworks/java/jdk/aix/j632/Java6.fixes.html#SR15">https://www.ibm.com/developerworks/java/jdk/aix/j632/Java6.fixes.html#SR15</a> Further info is available in this WebSphere Real Time security bulletin: <a href="http://www-01.ibm.com/support/docview.wss?uid=swg21655202&myns=swgws&mynp=OCSSSTCZ&mync=R">http://www-01.ibm.com/support/docview.wss?uid=swg21655202&myns=swgws&mynp=OCSSSTCZ&mync=R</a> <a href="https://access.redhat.com/security/cve/CVE-2013-5456">CVE-2013-5456</a>, <a href="https://access.redhat.com/security/cve/CVE-2013-5457">CVE-2013-5457</a> and <a href="https://access.redhat.com/security/cve/CVE-2013-5458">CVE-2013-5458</a> allow code running under a security manager to escalate its privileges by modifying or removing the security manager. Additional details may become available under this X-Force database article: <a href="http://xforce.iss.net/xforce/xfdb/88256">http://xforce.iss.net/xforce/xfdb/88256</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM JDK 8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013
- https://www.ibm.com/developerworks/java/jdk/aix/j732/Java7.fixes.html#SR6
- https://www.ibm.com/developerworks/java/jdk/aix/j632/Java6.fixes.html#SR15
- http://www-01.ibm.com/support/docview.wss?uid=swg21655202&myns=swgws&mynp=OCSSSTCZ&mync=R
- https://access.redhat.com/security/cve/CVE-2013-5456
- https://access.redhat.com/security/cve/CVE-2013-5457
- https://access.redhat.com/security/cve/CVE-2013-5458
- http://xforce.iss.net/xforce/xfdb/88256
- https://rhn.redhat.com/errata/RHSA-2013-1508.html
- https://rhn.redhat.com/errata/RHSA-2013-1507.html
- https://rhn.redhat.com/errata/RHSA-2013-1793.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1027760
- collector/redhat-bugzilla
- alias/CVE-2013-5457
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm jdk 8