Vulnerability Description
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Delivery Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method."
CVSS Score
9.3 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Java | >= 1.4.2, <= 1.4.2.13.13 |
| IBM | Lotus Domino | 8.0 |
| IBM | Lotus Notes | 8.0 |
| IBM | Lotus Notes Sametime | 8.0.80407 |
| IBM | Lotus Notes Traveler | 8.0 |
| IBM | Rational Change | 4.7 |
| IBM | Rational Host On-Demand | 1.6.0.12 |
| IBM | Service Delivery Manager | 7.2.1.0 |
| IBM | Smart Analytics System 5600 Software | - |
| IBM | Tivoli Monitoring | 6.1.0 |
| IBM | Tivoli Remote Control | 5.1.2 |
| IBM | WebSphere Real Time | 2.0 |
| IBM | Tivoli Storage Productivity Center | 5.0 |
| IBM | Tivoli Storage Productivity Center | 5.1 |
| IBM | Tivoli Storage Productivity Center | 5.1.1 |
| IBM | Smart Analytics System 5600 | 7200 |
References
- http://rhn.redhat.com/errata/RHSA-2012-1465.html (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2012-1466.html (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2012-1467.html (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-1455.html (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-1456.html (Third Party Advisory)
- http://seclists.org/bugtraq/2012/Sep/38 (Mailing List, Third Party Advisory)
- http://secunia.com/advisories/51326 (Third Party Advisory)
- http://secunia.com/advisories/51327 (Third Party Advisory)
- http://secunia.com/advisories/51328 (Third Party Advisory)
- http://secunia.com/advisories/51393 (Third Party Advisory)
- http://secunia.com/advisories/51634 (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV29654 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21615705 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21615800 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21616490 (Vendor Advisory)
FAQ
What is CVE-2012-4820?
CVE-2012-4820 is a vulnerability with a CVSS score of 9.3 (HIGH). Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used ...
How severe is CVE-2012-4820?
CVE-2012-4820 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4820?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Java, IBM Lotus Domino, IBM Lotus Notes, IBM Lotus Notes Sametime, IBM Lotus Notes Traveler.