Oracle Java 7 Security Manager Bypass Vulnerability (CVE-2013-0422)

Share this post:

A new Java zero-day vulnerability, CVE-2013-0422, was publicly reported on January 10, 2013. Details about this issue are available in a Vulnerability Note published by CERT/CC Carnegie Mellon and also available in Alert (TA13-010A) published by the United States Computer Emergency Readiness Team (US-CERT).

This vulnerability can only be exploited as a client-side attack specifically targeting the browser software located on a user’s desktop; for more information about client-side attacks see “Client-Side Attacks: An Overview“. This vulnerability is not applicable to Java running on servers, desktop applications, nor embedded applications.

The IBM Software Development Kit (SDK) and IBM Java Runtime Environment (JRE) are not vulnerable to this exploit.

If you are using Oracle’s JDK or JRE 7 Update 10 or earlier, see Oracle Security Alert for CVE-2013-0422 for patch information.

Please check back for updates.

More stories

IBM Product Security Incident Response


May 20, 2020 9:00 am EDT

IBM acknowledges and thanks the security researchers and organizations listed below for reporting and working with us to resolve one or more security vulnerabilities in our products and services. Disclosures for 2020 Honggang Ren of Fortinet’s FortiGuard Labs Pawel Gocyla, (ING Tech Poland) Dries Eestermans, (nynox-dries)   Disclosures for 2019 Danang Tri Atmaja Jafar Abo more

A new and advanced Rowhammer-based attack on DDR4 memory

Mar 11, 2020 8:59 am EDT

A new and advanced Rowhammer-based attack on DDR4 memory was announced on March 10, 2020. (CVE-2020-10255) The attack has been shown to cause memory corruption in lab environments. Vulnerability exploitation on IBM Power processor architectures, IBM Z-based architectures, IBM Cloud and IBM storage products would be difficult. No customer actions are currently required. IBM Power more

XSA-304 and XSA-305 Security Vulnerabilities

Nov 13, 2019 12:30 pm EDT

IBM is aware of reported Intel vulnerabilities, CVE-2018-12207 and CVE-2019-11135, which are addressed by Citrix in the XSA-304 and XSA-305 security advisories. The vulnerabilities potentially could enable a denial of service attack or allow unauthorized access to recent memory content. There are no known malicious exploits of these vulnerabilities, which potentially impact the hypervisor. IBM more