Deserialization Flaw in IBM Java SDK Impacts Security Mechanism

CVE-2016-0376

What is CVE-2016-0376?

The com.ibm.rmi.io.SunSerializableFactory class in specific versions of IBM SDK, Java Technology Edition contains a deserialization flaw that allows remote attackers to bypass sandbox protection mechanisms. This vulnerability arises from improper deserialization within an AccessController doPrivileged block, enabling harmful code execution. The issue has surfaced due to an incomplete fix for a previous vulnerability, raising significant security concerns for affected users and applications.

References