What is CVE-2013-5456?

CVE-2013-5456 is a vulnerability in Ibm Java. Published 2013-11-24.

Is CVE-2013-5456 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Ibm Java

CVE-2013-5456

The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController…

EPSS: 0.038 (88.3th percentile) — read the EPSS interpretation.

Affected products

Ibm Java — versions 7.0.0.0
N/a — versions n/a

Public proof-of-concept exploits

PalindromeLabs/Java-Deserialization-CVEs

References

IV51329 (vendor-advisory, x_refsource_AIXAPAR)
ibm-java-cve20135456-code-exec(88255) (vdb-entry, x_refsource_XF)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
SUSE-SU-2013:1677 (vendor-advisory, x_refsource_SUSE)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
psirt@us.ibm.com (x_refsource_MISC)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
RHSA-2013:1507 (x_refsource_REDHAT, vendor-advisory)
psirt@us.ibm.com (x_refsource_MISC)
56338 (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2013-5456?: CVE-2013-5456 is a vulnerability in Ibm Java. Published 2013-11-24.
Is CVE-2013-5456 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.