Deserialization Flaw in IBM Java SDK Impacts Security Mechanism
CVE-2016-0376
8.1HIGH
Key Information:
- Vendor
- Novell
- Status
- Vendor
- CVE Published:
- 3 June 2016
Summary
The com.ibm.rmi.io.SunSerializableFactory class in specific versions of IBM SDK, Java Technology Edition contains a deserialization flaw that allows remote attackers to bypass sandbox protection mechanisms. This vulnerability arises from improper deserialization within an AccessController doPrivileged block, enabling harmful code execution. The issue has surfaced due to an incomplete fix for a previous vulnerability, raising significant security concerns for affected users and applications.
References
CVSS V3.1
Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved