Vulnerability Description
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Delivery Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via "insecure use" of the (1) java.lang.Class getDeclaredMethods or (2) java.lang.reflect.AccessibleObject setAccessible() methods.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Java | >= 1.4.2, <= 1.4.2.13.13 |
| IBM | Lotus Domino | 8.0 |
| IBM | Lotus Notes | 8.0 |
| IBM | Lotus Notes Sametime | 8.0.80407 |
| IBM | Lotus Notes Traveler | 8.0 |
| IBM | Rational Change | 4.7 |
| IBM | Rational Host On-Demand | 1.6.0.12 |
| IBM | Service Delivery Manager | 7.2.1.0 |
| IBM | Smart Analytics System 5600 Software | - |
| IBM | Tivoli Monitoring | 6.1.0 |
| IBM | Tivoli Remote Control | 5.1.2 |
| IBM | WebSphere Real Time | 2.0 |
| IBM | Tivoli Storage Productivity Center | 5.0 (all versions) |
| IBM | Tivoli Storage Productivity Center | 5.1 (all versions) |
| IBM | Tivoli Storage Productivity Center | 5.1.1 (all versions) |
| IBM | Smart Analytics System 5600 | 7200 |
References
- http://rhn.redhat.com/errata/RHSA-2012-1467.html (Third Party Advisory)
- http://seclists.org/bugtraq/2012/Sep/38 (Mailing List, Third Party Advisory)
- http://secunia.com/advisories/51326 (Third Party Advisory)
- http://secunia.com/advisories/51634 (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV29659 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21615705 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21615800 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21616490 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21616594 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21616616 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21616617 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21616652 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21616708 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21621154 (Vendor Advisory)
- http://www.securityfocus.com/bid/55495 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2012-4821?
CVE-2012-4821 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlie...
How severe is CVE-2012-4821?
CVE-2012-4821 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4821?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Java, IBM Lotus Domino, IBM Lotus Notes, IBM Lotus Notes Sametime, IBM Lotus Notes Traveler.