CVE-2013-4041 - Vulnerability Details

Vendors	Products
Ibm	Java
Redhat	Network Satellite Rhel Extras

Package	CPE	Advisory	Released Date
Red Hat Network Satellite Server v 5.4
java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el6	cpe:/a:redhat:network_satellite:5.4::el5	RHSA-2013:1793	2013-12-05T00:00:00Z
Red Hat Network Satellite Server v 5.5
java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el6	cpe:/a:redhat:network_satellite:5.5::el5	RHSA-2013:1793	2013-12-05T00:00:00Z
Red Hat Satellite 5.6
java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el6	cpe:/a:redhat:network_satellite:5.6::el5	RHSA-2013:1793	2013-12-05T00:00:00Z
Supplementary for Red Hat Enterprise Linux 5
java-1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el5_10	cpe:/a:redhat:rhel_extras:5	RHSA-2013:1507	2013-11-07T00:00:00Z
java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el5_10	cpe:/a:redhat:rhel_extras:5	RHSA-2013:1508	2013-11-07T00:00:00Z
java-1.5.0-ibm-1:1.5.0.16.4-1jpp.1.el5_10	cpe:/a:redhat:rhel_extras:5	RHSA-2013:1509	2013-11-07T00:00:00Z
Supplementary for Red Hat Enterprise Linux 6
java-1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el6_4	cpe:/a:redhat:rhel_extras:6	RHSA-2013:1507	2013-11-07T00:00:00Z
java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el6_4	cpe:/a:redhat:rhel_extras:6	RHSA-2013:1508	2013-11-07T00:00:00Z
java-1.5.0-ibm-1:1.5.0.16.4-1jpp.1.el6_4	cpe:/a:redhat:rhel_extras:6	RHSA-2013:1509	2013-11-07T00:00:00Z

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
http://rhn.redhat.com/errata/RHSA-2013-1507.html
http://rhn.redhat.com/errata/RHSA-2013-1508.html
http://rhn.redhat.com/errata/RHSA-2013-1509.html
http://rhn.redhat.com/errata/RHSA-2013-1793.html
http://secunia.com/advisories/56338
http://www-01.ibm.com/support/docview.wss?uid=swg1IV51087
http://www-01.ibm.com/support/docview.wss?uid=swg1IV51088
http://www-01.ibm.com/support/docview.wss?uid=swg21655201
http://www-01.ibm.com/support/docview.wss?uid=swg21655202
https://exchange.xforce.ibmcloud.com/vulnerabilities/86416
https://nvd.nist.gov/vuln/detail/CVE-2013-4041
https://www.cve.org/CVERecord?id=CVE-2013-4041
https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-06T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "ibm-java-cve20134041-priv-escalation(86416)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86416"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655202"}, {"name": "IV51088", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV51088"}, {"name": "RHSA-2013:1508", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1508.html"}, {"name": "SUSE-SU-2013:1677", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013"}, {"name": "IV51087", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV51087"}, {"name": "RHSA-2013:1793", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1793.html"}, {"name": "RHSA-2013:1509", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1509.html"}, {"name": "RHSA-2013:1507", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1507.html"}, {"name": "56338", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/56338"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-4041", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ibm-java-cve20134041-priv-escalation(86416)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86416"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655202", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655202"}, {"name": "IV51088", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV51088"}, {"name": "RHSA-2013:1508", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1508.html"}, {"name": "SUSE-SU-2013:1677", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201"}, {"name": "https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013", "refsource": "CONFIRM", "url": "https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013"}, {"name": "IV51087", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV51087"}, {"name": "RHSA-2013:1793", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1793.html"}, {"name": "RHSA-2013:1509", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1509.html"}, {"name": "RHSA-2013:1507", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1507.html"}, {"name": "56338", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56338"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:30:49.863Z"}, "title": "CVE Program Container", "references": [{"name": "ibm-java-cve20134041-priv-escalation(86416)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86416"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655202"}, {"name": "IV51088", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV51088"}, {"name": "RHSA-2013:1508", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1508.html"}, {"name": "SUSE-SU-2013:1677", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013"}, {"name": "IV51087", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV51087"}, {"name": "RHSA-2013:1793", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1793.html"}, {"name": "RHSA-2013:1509", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1509.html"}, {"name": "RHSA-2013:1507", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1507.html"}, {"name": "56338", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/56338"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-4041", "datePublished": "2013-11-24T18:00:00", "dateReserved": "2013-06-07T00:00:00", "dateUpdated": "2024-08-06T16:30:49.863Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2013-11-06T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-08-28T12:57:01 (string)

orgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

shortName : ibm (string)

}

references : [ »

0 : { »

name : ibm-java-cve20134041-priv-escalation(86416) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/86416 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21655202 (string)

}

2 : { »

name : IV51088 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_AIXAPAR (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV51088 (string)

}

3 : { »

name : RHSA-2013:1508 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2013-1508.html (string)

}

4 : { »

name : SUSE-SU-2013:1677 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21655201 (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013 (string)

}

7 : { »

name : IV51087 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_AIXAPAR (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV51087 (string)

}

8 : { »

name : RHSA-2013:1793 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2013-1793.html (string)

}

9 : { »

name : RHSA-2013:1509 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2013-1509.html (string)

}

10 : { »

name : RHSA-2013:1507 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2013-1507.html (string)

}

11 : { »

name : 56338 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/56338 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@us.ibm.com (string)

ID : CVE-2013-4041 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : ibm-java-cve20134041-priv-escalation(86416) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/86416 (string)

}

1 : { »

name : http://www-01.ibm.com/support/docview.wss?uid=swg21655202 (string)

refsource : CONFIRM (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg21655202 (string)

}

2 : { »

name : IV51088 (string)

refsource : AIXAPAR (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV51088 (string)

}

3 : { »

name : RHSA-2013:1508 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2013-1508.html (string)

}

4 : { »

name : SUSE-SU-2013:1677 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html (string)

}

5 : { »

name : http://www-01.ibm.com/support/docview.wss?uid=swg21655201 (string)

refsource : CONFIRM (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg21655201 (string)

}

6 : { »

name : https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013 (string)

refsource : CONFIRM (string)

url : https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013 (string)

}

7 : { »

name : IV51087 (string)

refsource : AIXAPAR (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV51087 (string)

}

8 : { »

name : RHSA-2013:1793 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2013-1793.html (string)

}

9 : { »

name : RHSA-2013:1509 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2013-1509.html (string)

}

10 : { »

name : RHSA-2013:1507 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2013-1507.html (string)

}

11 : { »

name : 56338 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/56338 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T16:30:49.863Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : ibm-java-cve20134041-priv-escalation(86416) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/86416 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21655202 (string)

}

2 : { »

name : IV51088 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_AIXAPAR (string)

2 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV51088 (string)

}

3 : { »

name : RHSA-2013:1508 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2013-1508.html (string)

}

4 : { »

name : SUSE-SU-2013:1677 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21655201 (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013 (string)

}

7 : { »

name : IV51087 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_AIXAPAR (string)

2 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV51087 (string)

}

8 : { »

name : RHSA-2013:1793 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2013-1793.html (string)

}

9 : { »

name : RHSA-2013:1509 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2013-1509.html (string)

}

10 : { »

name : RHSA-2013:1507 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2013-1507.html (string)

}

11 : { »

name : 56338 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/56338 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

assignerShortName : ibm (string)

cveId : CVE-2013-4041 (string)

datePublished : 2013-11-24T18:00:00 (string)

dateReserved : 2013-06-07T00:00:00 (string)

dateUpdated : 2024-08-06T16:30:49.863Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:java:5.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "03D3F84F-3F6E-4DF1-B162-152293D951EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:java:6.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "14AD4A87-382A-41F0-96D8-0F0A9B738773", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:java:6.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "33701DDF-6882-41D3-A11B-A1F4585A77A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:java:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8BF650-B8F5-467E-8DBF-81788B55F345", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el Java SDK de IBM 5.0.0 anteriores a SR16 FP4, 7.0.0 anteriores a SR6, 6.0.1 anteriores a SR7, y 6.0.0 anteriores a SR15 permite a atacantes remotos acceder clases restringidas a trav\u00e9s de vectores no especificados."}], "id": "CVE-2013-4041", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-11-24T18:55:04.240", "references": [{"source": "psirt@us.ibm.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html"}, {"source": "psirt@us.ibm.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1507.html"}, {"source": "psirt@us.ibm.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1508.html"}, {"source": "psirt@us.ibm.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1509.html"}, {"source": "psirt@us.ibm.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1793.html"}, {"source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/56338"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV51087"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV51088"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655202"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86416"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-1507.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-1508.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-1509.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-1793.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/56338"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV51087"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV51088"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655202"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86416"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:ibm:java:5.0.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 03D3F84F-3F6E-4DF1-B162-152293D951EA (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:ibm:java:6.0.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 14AD4A87-382A-41F0-96D8-0F0A9B738773 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:ibm:java:6.0.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 33701DDF-6882-41D3-A11B-A1F4585A77A7 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:ibm:java:7.0.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 9A8BF650-B8F5-467E-8DBF-81788B55F345 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors. (string)

}

1 : { »

lang : es (string)

value : Vulnerabilidad no especificada en el Java SDK de IBM 5.0.0 anteriores a SR16 FP4, 7.0.0 anteriores a SR6, 6.0.1 anteriores a SR7, y 6.0.0 anteriores a SR15 permite a atacantes remotos acceder clases restringidas a través de vectores no especificados. (string)

}

]

id : CVE-2013-4041 (string)

lastModified : 2025-04-11T00:51:21.963 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.8 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2013-11-24T18:55:04.240 (string)

references : [ »

0 : { »

source : psirt@us.ibm.com (string)

url : http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html (string)

}

1 : { »

source : psirt@us.ibm.com (string)

url : http://rhn.redhat.com/errata/RHSA-2013-1507.html (string)

}

2 : { »

source : psirt@us.ibm.com (string)

url : http://rhn.redhat.com/errata/RHSA-2013-1508.html (string)

}

3 : { »

source : psirt@us.ibm.com (string)

url : http://rhn.redhat.com/errata/RHSA-2013-1509.html (string)

}

4 : { »

source : psirt@us.ibm.com (string)

url : http://rhn.redhat.com/errata/RHSA-2013-1793.html (string)

}

5 : { »

source : psirt@us.ibm.com (string)

url : http://secunia.com/advisories/56338 (string)

}

6 : { »

source : psirt@us.ibm.com (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV51087 (string)

}

7 : { »

source : psirt@us.ibm.com (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV51088 (string)

}

8 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21655201 (string)

}

9 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21655202 (string)

}

10 : { »

source : psirt@us.ibm.com (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/86416 (string)

}

11 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013 (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2013-1507.html (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2013-1508.html (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2013-1509.html (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2013-1793.html (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/advisories/56338 (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV51087 (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV51088 (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21655201 (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21655202 (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/86416 (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013 (string)

}

]

sourceIdentifier : psirt@us.ibm.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2013:1793", "cpe": "cpe:/a:redhat:network_satellite:5.4::el5", "package": "java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el6", "product_name": "Red Hat Network Satellite Server v 5.4", "release_date": "2013-12-05T00:00:00Z"}, {"advisory": "RHSA-2013:1793", "cpe": "cpe:/a:redhat:network_satellite:5.5::el5", "package": "java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el6", "product_name": "Red Hat Network Satellite Server v 5.5", "release_date": "2013-12-05T00:00:00Z"}, {"advisory": "RHSA-2013:1793", "cpe": "cpe:/a:redhat:network_satellite:5.6::el5", "package": "java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el6", "product_name": "Red Hat Satellite 5.6", "release_date": "2013-12-05T00:00:00Z"}, {"advisory": "RHSA-2013:1507", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el5_10", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2013-11-07T00:00:00Z"}, {"advisory": "RHSA-2013:1508", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el5_10", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2013-11-07T00:00:00Z"}, {"advisory": "RHSA-2013:1509", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.5.0-ibm-1:1.5.0.16.4-1jpp.1.el5_10", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2013-11-07T00:00:00Z"}, {"advisory": "RHSA-2013:1507", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el6_4", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2013-11-07T00:00:00Z"}, {"advisory": "RHSA-2013:1508", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el6_4", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2013-11-07T00:00:00Z"}, {"advisory": "RHSA-2013:1509", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.5.0-ibm-1:1.5.0.16.4-1jpp.1.el6_4", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2013-11-07T00:00:00Z"}], "bugzilla": {"description": "JDK: unspecified sandbox bypass (JVM)", "id": "1027764", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027764"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors."], "name": "CVE-2013-4041", "public_date": "2013-11-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-4041\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4041"], "threat_severity": "Critical"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2013:1793 (string)

cpe : cpe:/a:redhat:network_satellite:5.4::el5 (string)

package : java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el6 (string)

product_name : Red Hat Network Satellite Server v 5.4 (string)

release_date : 2013-12-05T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2013:1793 (string)

cpe : cpe:/a:redhat:network_satellite:5.5::el5 (string)

package : java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el6 (string)

product_name : Red Hat Network Satellite Server v 5.5 (string)

release_date : 2013-12-05T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2013:1793 (string)

cpe : cpe:/a:redhat:network_satellite:5.6::el5 (string)

package : java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el6 (string)

product_name : Red Hat Satellite 5.6 (string)

release_date : 2013-12-05T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2013:1507 (string)

cpe : cpe:/a:redhat:rhel_extras:5 (string)

package : java-1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el5_10 (string)

product_name : Supplementary for Red Hat Enterprise Linux 5 (string)

release_date : 2013-11-07T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2013:1508 (string)

cpe : cpe:/a:redhat:rhel_extras:5 (string)

package : java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el5_10 (string)

product_name : Supplementary for Red Hat Enterprise Linux 5 (string)

release_date : 2013-11-07T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2013:1509 (string)

cpe : cpe:/a:redhat:rhel_extras:5 (string)

package : java-1.5.0-ibm-1:1.5.0.16.4-1jpp.1.el5_10 (string)

product_name : Supplementary for Red Hat Enterprise Linux 5 (string)

release_date : 2013-11-07T00:00:00Z (string)

}

6 : { »

advisory : RHSA-2013:1507 (string)

cpe : cpe:/a:redhat:rhel_extras:6 (string)

package : java-1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el6_4 (string)

product_name : Supplementary for Red Hat Enterprise Linux 6 (string)

release_date : 2013-11-07T00:00:00Z (string)

}

7 : { »

advisory : RHSA-2013:1508 (string)

cpe : cpe:/a:redhat:rhel_extras:6 (string)

package : java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el6_4 (string)

product_name : Supplementary for Red Hat Enterprise Linux 6 (string)

release_date : 2013-11-07T00:00:00Z (string)

}

8 : { »

advisory : RHSA-2013:1509 (string)

cpe : cpe:/a:redhat:rhel_extras:6 (string)

package : java-1.5.0-ibm-1:1.5.0.16.4-1jpp.1.el6_4 (string)

product_name : Supplementary for Red Hat Enterprise Linux 6 (string)

release_date : 2013-11-07T00:00:00Z (string)

}

]

bugzilla : { »

description : JDK: unspecified sandbox bypass (JVM) (string)

id : 1027764 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1027764 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 6.8 (string)

cvss_scoring_vector : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

status : verified (string)

}

details : [ »

0 : Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors. (string)

]

name : CVE-2013-4041 (string)

public_date : 2013-11-05T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2013-4041 https://nvd.nist.gov/vuln/detail/CVE-2013-4041 (string)

]

threat_severity : Critical (string)

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object