IBM SDK Java Technology Edition Sandbox com.ibm.CORBA.iiop.ClientDelegate input validation
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.7 | $0-$5k | 0.00 |
Summary
A vulnerability classified as critical has been found in IBM SDK Java Technology Edition up to 6.0.16.24/6.1.8.24/7.0.9.39/7.1.3.39/8.0.2.x. This impacts the function com.ibm.CORBA.iiop.ClientDelegate of the component Sandbox. Performing a manipulation results in input validation.
This vulnerability was named CVE-2016-0363. The attack may be initiated remotely. There is no available exploit.
It is recommended to upgrade the affected component.
Details
A vulnerability classified as very critical has been found in IBM SDK Java Technology Edition up to 6.0.16.24/6.1.8.24/7.0.9.39/7.1.3.39/8.0.2.x (Programming Language Software). This affects the function com.ibm.CORBA.iiop.ClientDelegate of the component Sandbox. The manipulation with an unknown input leads to a input validation vulnerability. CWE is classifying the issue as CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.
The weakness was presented 06/03/2016 by Adam Gowdiak with Security Explorations (Website). It is possible to read the advisory at security-explorations.com. This vulnerability is uniquely identified as CVE-2016-0363 since 12/08/2015. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. It demands that the victim is doing some kind of user interaction. Technical details of the vulnerability are known, but there is no available exploit. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 08/22/2022). It is expected to see the exploit prices for this product increasing in the near future.
The vulnerability scanner Nessus provides a plugin with the ID 90819 (RHEL 5 : java-1.7.0-ibm (RHSA-2016:0702)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Red Hat Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 121766 (IBM Java SDK Multiple Vulnerabilities (Oracle April 19 2016 CPU, IBM Security Update April 2016)).
Upgrading to version 6.0.16.25, 6.1.8.25, 7.0.9.40, 7.1.3.40 or 8.0.3.0 eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (90819) and SecurityFocus (BID 85895†). See VDB-82658, VDB-82655, VDB-82659 and VDB-82653 for similar entries. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
- 6.0.16.0
- 6.0.16.1
- 6.0.16.2
- 6.0.16.3
- 6.0.16.4
- 6.0.16.5
- 6.0.16.6
- 6.0.16.7
- 6.0.16.8
- 6.0.16.9
- 6.0.16.10
- 6.0.16.11
- 6.0.16.12
- 6.0.16.13
- 6.0.16.14
- 6.0.16.15
- 6.0.16.16
- 6.0.16.17
- 6.0.16.18
- 6.0.16.19
- 6.0.16.20
- 6.0.16.21
- 6.0.16.22
- 6.0.16.23
- 6.0.16.24
- 6.1.8.0
- 6.1.8.1
- 6.1.8.2
- 6.1.8.3
- 6.1.8.4
- 6.1.8.5
- 6.1.8.6
- 6.1.8.7
- 6.1.8.8
- 6.1.8.9
- 6.1.8.10
- 6.1.8.11
- 6.1.8.12
- 6.1.8.13
- 6.1.8.14
- 6.1.8.15
- 6.1.8.16
- 6.1.8.17
- 6.1.8.18
- 6.1.8.19
- 6.1.8.20
- 6.1.8.21
- 6.1.8.22
- 6.1.8.23
- 6.1.8.24
- 7.0.9.0
- 7.0.9.1
- 7.0.9.2
- 7.0.9.3
- 7.0.9.4
- 7.0.9.5
- 7.0.9.6
- 7.0.9.7
- 7.0.9.8
- 7.0.9.9
- 7.0.9.10
- 7.0.9.11
- 7.0.9.12
- 7.0.9.13
- 7.0.9.14
- 7.0.9.15
- 7.0.9.16
- 7.0.9.17
- 7.0.9.18
- 7.0.9.19
- 7.0.9.20
- 7.0.9.21
- 7.0.9.22
- 7.0.9.23
- 7.0.9.24
- 7.0.9.25
- 7.0.9.26
- 7.0.9.27
- 7.0.9.28
- 7.0.9.29
- 7.0.9.30
- 7.0.9.31
- 7.0.9.32
- 7.0.9.33
- 7.0.9.34
- 7.0.9.35
- 7.0.9.36
- 7.0.9.37
- 7.0.9.38
- 7.0.9.39
- 7.1.3.0
- 7.1.3.1
- 7.1.3.2
- 7.1.3.3
- 7.1.3.4
- 7.1.3.5
- 7.1.3.6
- 7.1.3.7
- 7.1.3.8
- 7.1.3.9
- 7.1.3.10
- 7.1.3.11
- 7.1.3.12
- 7.1.3.13
- 7.1.3.14
- 7.1.3.15
- 7.1.3.16
- 7.1.3.17
- 7.1.3.18
- 7.1.3.19
- 7.1.3.20
- 7.1.3.21
- 7.1.3.22
- 7.1.3.23
- 7.1.3.24
- 7.1.3.25
- 7.1.3.26
- 7.1.3.27
- 7.1.3.28
- 7.1.3.29
- 7.1.3.30
- 7.1.3.31
- 7.1.3.32
- 7.1.3.33
- 7.1.3.34
- 7.1.3.35
- 7.1.3.36
- 7.1.3.37
- 7.1.3.38
- 7.1.3.39
- 8.0.0
- 8.0.1
- 8.0.2
License
Website
- Vendor: https://www.ibm.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.9VulDB Meta Temp Score: 8.6
VulDB Base Score: 9.6
VulDB Temp Score: 9.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 8.1
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 90819
Nessus Name: RHEL 5 : java-1.7.0-ibm (RHSA-2016:0702)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 57582
OpenVAS Name: SuSE Update for java-1_7_1-ibm SUSE-SU-2016:1299-1 (java-1_7_1-ibm)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: SDK Java Technology Edition 6.0.16.25/6.1.8.25/7.0.9.40/7.1.3.40/8.0.3.0
Timeline
12/08/2015 🔍04/07/2016 🔍
04/29/2016 🔍
05/02/2016 🔍
06/03/2016 🔍
06/03/2016 🔍
06/04/2016 🔍
08/22/2022 🔍
Sources
Vendor: ibm.comAdvisory: RHSA-2016:0702
Researcher: Adam Gowdiak
Organization: Security Explorations
Status: Not defined
Confirmation: 🔍
CVE: CVE-2016-0363 (🔍)
GCVE (CVE): GCVE-0-2016-0363
GCVE (VulDB): GCVE-100-87723
SecurityFocus: 85895 - IBM Java SDK Incomplete Fix Remote Code Execution Vulnerability
SecurityTracker: 1035953
See also: 🔍
Entry
Created: 06/04/2016 12:26Updated: 08/22/2022 19:44
Changes: 06/04/2016 12:26 (68), 01/01/2019 12:42 (15), 08/22/2022 19:30 (4), 08/22/2022 19:37 (1), 08/22/2022 19:44 (1)
Complete: 🔍
Cache ID: 216:D90:103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.