JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix

🗓️ 29 Apr 2016 17:50:18Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 4 Views

IBM Java insecure deserialization in CORBA due to incomplete fix for CVE-2013-5456 enabling remote code execution.

Reporter	Title	Published	Views	Family All 131
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects Rational Functional Tester (CVE-2016-0363, CVE-2016-0376)	29 Sep 201820:06	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack	8 Aug 201804:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 - October 2013	18 Jun 201800:09	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPS	31 May 202203:16	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for WebSphere Application Server October 2013 CPU	25 Sep 202223:09	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java JRE, 8.0-1.1 affect IBM Netezza Platform Software clients.	7 Dec 202008:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i, Rational Developer for AIX and Linux, Rational Developer for Power Systems Software	3 Aug 201804:23	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics	2 Dec 202004:58	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Explorer for z/OS V3.0 (CVE-2016-0363 and CVE-2016-0376)	26 Nov 201912:52	–	ibm
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Streams update of IBM® SDK Java™ Technology Edition (CVE-2016-0363, CVE-2016-0376)	16 Jun 201813:40	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	6	i686	java-1.7.1-ibm	1:1.7.1.3.40-1jpp.1.el6_7	java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7.i686.rpm
Red Hat Enterprise Linux	6	ppc64	java-1.7.1-ibm	1:1.7.1.3.40-1jpp.1.el6_7	java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7.ppc64.rpm
Red Hat Enterprise Linux	6	s390x	java-1.7.1-ibm	1:1.7.1.3.40-1jpp.1.el6_7	java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7.s390x.rpm
Red Hat Enterprise Linux	6	x86_64	java-1.7.1-ibm	1:1.7.1.3.40-1jpp.1.el6_7	java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7.x86_64.rpm
Red Hat Enterprise Linux	7	i686	java-1.7.1-ibm	1:1.7.1.3.40-1jpp.1.el7	java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el7.i686.rpm
Red Hat Enterprise Linux	7	ppc	java-1.7.1-ibm	1:1.7.1.3.40-1jpp.1.el7	java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el7.ppc.rpm
Red Hat Enterprise Linux	7	ppc64	java-1.7.1-ibm	1:1.7.1.3.40-1jpp.1.el7	java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el7.ppc64.rpm
Red Hat Enterprise Linux	7	ppc64le	java-1.7.1-ibm	1:1.7.1.3.40-1jpp.1.el7	java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el7.ppc64le.rpm
Red Hat Enterprise Linux	7	s390	java-1.7.1-ibm	1:1.7.1.3.40-1jpp.1.el7	java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el7.s390.rpm
Red Hat Enterprise Linux	7	s390x	java-1.7.1-ibm	1:1.7.1.3.40-1jpp.1.el7	java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el7.s390x.rpm

Source	Link
ibm	www.ibm.com/developerworks/java/jdk/alerts/
access	www.access.redhat.com/security/cve/CVE-2016-0376
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-0376
cve	www.cve.org/CVERecord

21 Nov 2025 17:55Current

7.8High risk

Vulners AI Score7.8

CVSS 29.3

CVSS 38.1

EPSS0.03778

insecure deserialization corba security sandbox bypass remote code execution ibm java sdk