Vulnerability Description
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Delivery Manager; and other products from other vendors such as Red Hat, allows remote attackers to execute arbitrary code via vectors related to "insecure use of the java.lang.ClassLoader defineClass() method."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Java | >= 1.4.2, <= 1.4.2.13.13 |
| IBM | Lotus Domino | 8.0 |
| IBM | Lotus Notes | 8.0 |
| IBM | Lotus Notes Sametime | 8.0.80407 |
| IBM | Lotus Notes Traveler | 8.0 |
| IBM | Rational Change | 4.7 |
| IBM | Rational Host On-Demand | 1.6.0.12 |
| IBM | Service Delivery Manager | 7.2.1.0 |
| IBM | Smart Analytics System 5600 Software | - |
| IBM | Tivoli Monitoring | 6.1.0 |
| IBM | Tivoli Remote Control | 5.1.2 |
| IBM | WebSphere Real Time | 2.0 |
| IBM | Tivoli Storage Productivity Center | 5.0 |
| IBM | Tivoli Storage Productivity Center | 5.1 |
| IBM | Tivoli Storage Productivity Center | 5.1.1 |
| IBM | Smart Analytics System 5600 | 7200 |
References
- http://rhn.redhat.com/errata/RHSA-2012-1466.html (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2012-1467.html (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-1455.html (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-1456.html (Third Party Advisory)
- http://seclists.org/bugtraq/2012/Sep/38 (Mailing List, Third Party Advisory)
- http://secunia.com/advisories/51326 (Third Party Advisory)
- http://secunia.com/advisories/51327 (Third Party Advisory)
- http://secunia.com/advisories/51634 (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV29687 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21615705 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21615800 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21616490 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21616594 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21616616 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21616617 (Vendor Advisory)
FAQ
What is CVE-2012-4823?
CVE-2012-4823 is a vulnerability with a CVSS score of 9.3 (HIGH). Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used ...
How severe is CVE-2012-4823?
CVE-2012-4823 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-4823?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Java, IBM Lotus Domino, IBM Lotus Notes, IBM Lotus Notes Sametime, IBM Lotus Notes Traveler.