Unrated severity · NVD Advisory · Published Nov 24, 2013 · Updated Apr 29, 2026
CVE-2013-5456
Description
The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block.
Affected products (1)
Patches (0)
No patches discovered yet.
References (10)
- www-01.ibm.com/support/docview.wss (nvd, Vendor Advisory)
- www-01.ibm.com/support/docview.wss (nvd, Vendor Advisory)
- www.ibm.com/developerworks/java/jdk/alerts/ (nvd, Vendor Advisory)
- lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html (nvd)
- rhn.redhat.com/errata/RHSA-2013-1507.html (nvd)
- secunia.com/advisories/56338 (nvd)
- www-01.ibm.com/support/docview.wss (nvd)
- www.security-explorations.com/materials/SE-2012-01-IBM-3.pdf (nvd)
- www.security-explorations.com/materials/SE-2012-01-IBM-5.pdf (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/88255 (nvd)