CVE-2012-4820
Vulnerability Summary
Description
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Delivery Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method."
CVSS Metrics
- v2.0 • HIGH • Score: 9.3 • AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 8.46% • Percentile: 93%
Affected Systems
- ibm•java
≥ 1.4.2, ≤ 1.4.2.13.13 | ≥ 5.0.0.0, ≤ 5.0.14.0 | ≥ 6.0.0.0, ≤ 6.0.11.0 | ≥ 7.0.0.0, ≤ 7.0.2.0
- ibm•lotus_domino
8.0 | 8.0.1 | 8.0.2 | 8.0.2.1 | 8.0.2.2 | 8.0.2.3 | 8.0.2.4 | 8.5.0 | 8.5.0.1 | 8.5.1 | 8.5.1.1 | 8.5.1.2 | 8.5.1.3 | 8.5.1.4 | 8.5.1.5 | 8.5.2.0 | 8.5.2.1 | 8.5.2.2 | 8.5.2.3 | 8.5.2.4 | 8.5.3.0 | 8.5.3.1 | 8.5.3.2
- ibm•lotus_notes
8.0 | 8.0.0 | 8.0.1 | 8.0.2 | 8.0.2.0 | 8.0.2.1 | 8.0.2.2 | 8.0.2.3 | 8.0.2.4 | 8.0.2.5 | 8.0.2.6 | 8.5 | 8.5.0.0 | 8.5.0.1 | 8.5.1 | 8.5.1.0 | 8.5.1.1 | 8.5.1.2 | 8.5.1.3 | 8.5.1.4 | 8.5.1.5 | 8.5.2.0 | 8.5.2.1 | 8.5.2.2 | 8.5.2.3 | 8.5.3 | 8.5.3.1 | 8.5.3.2 | 8.5.4
- ibm•lotus_notes_sametime
8.0.80407 | 8.0.80822 | 8.5.1.20100709-1631
- ibm•lotus_notes_traveler
8.0 | 8.0.1 | 8.0.1.2 | 8.0.1.3 | 8.5.0.0 | 8.5.0.1 | 8.5.0.2 | 8.5.1.1 | 8.5.1.2 | 8.5.1.3 | 8.5.2.1 | 8.5.3 | 8.5.3.1 | 8.5.3.2 | 8.5.3.3 | 8.5.3.3:interim_fix_1
- ibm•rational_change
4.7 | 5.1 | 5.2 | 5.3
- ibm•rational_host_on-demand
1.6.0.12 | 8.0.8.0 | 9.0.8.0 | 10.0.9.0 | 10.0.10.0 | 11.0.3.0 | 11.0.4.0 | 11.0.5.0 | 11.0.5.1 | 11.0.6.0 | 11.0.6.1
- ibm•service_delivery_manager
7.2.1.0 | 7.2.2.0
- ibm•smart_analytics_system_5600
7200
- ibm•smart_analytics_system_5600_software
na | 9.7
- ibm•tivoli_monitoring
6.1.0 | 6.1.0.7 | 6.2.0 | 6.2.0.1 | 6.2.0.2 | 6.2.0.3 | 6.2.1 | 6.2.1.0 | 6.2.1.1 | 6.2.1.2 | 6.2.1.3 | 6.2.1.4 | 6.2.2 | 6.2.2.0 | 6.2.2.1 | 6.2.2.2 | 6.2.2.3 | 6.2.2.4 | 6.2.2.5 | 6.2.2.6 | 6.2.2.7 | 6.2.2.8 | 6.2.2.9 | 6.2.3 | 6.2.3.0 | 6.2.3.1 | 6.2.3.2
- ibm•tivoli_remote_control
5.1.2
- ibm•websphere_real_time
2.0 | 3.0
References (25)
- http://rhn.redhat.com/errata/RHSA-2012-1466.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21616616
- http://www-01.ibm.com/support/docview.wss?uid=swg21616594
- http://www-01.ibm.com/support/docview.wss?uid=swg21616617
- http://www-01.ibm.com/support/docview.wss?uid=swg21621154
- http://seclists.org/bugtraq/2012/Sep/38
- http://www-01.ibm.com/support/docview.wss?uid=swg21616652
- http://rhn.redhat.com/errata/RHSA-2013-1455.html
- http://www.securityfocus.com/bid/55495
- http://www-01.ibm.com/support/docview.wss?uid=swg21631786
- http://www-01.ibm.com/support/docview.wss?uid=swg21615800
- http://www-01.ibm.com/support/docview.wss?uid=swg21616490
- http://secunia.com/advisories/51327
- https://www-304.ibm.com/support/docview.wss?uid=swg21616546
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78764
- http://rhn.redhat.com/errata/RHSA-2012-1467.html
- http://rhn.redhat.com/errata/RHSA-2012-1465.html
- http://secunia.com/advisories/51328
- http://www-01.ibm.com/support/docview.wss?uid=swg21616708
- http://secunia.com/advisories/51634
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV29654
- http://www-01.ibm.com/support/docview.wss?uid=swg21615705
- http://rhn.redhat.com/errata/RHSA-2013-1456.html
- http://secunia.com/advisories/51393
- http://secunia.com/advisories/51326