CVE-2012-4820

HIGH

Description

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Delivery Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method."

References

http://rhn.redhat.com/errata/RHSA-2012-1465.html

http://rhn.redhat.com/errata/RHSA-2012-1466.html

http://rhn.redhat.com/errata/RHSA-2012-1467.html

http://rhn.redhat.com/errata/RHSA-2013-1455.html

http://rhn.redhat.com/errata/RHSA-2013-1456.html

http://seclists.org/bugtraq/2012/Sep/38

http://secunia.com/advisories/51326

http://secunia.com/advisories/51327

http://secunia.com/advisories/51328

http://secunia.com/advisories/51393

http://secunia.com/advisories/51634

http://www.securityfocus.com/bid/55495

http://www-01.ibm.com/support/docview.wss?uid=swg1IV29654

http://www-01.ibm.com/support/docview.wss?uid=swg21615705

http://www-01.ibm.com/support/docview.wss?uid=swg21615800

http://www-01.ibm.com/support/docview.wss?uid=swg21616490

http://www-01.ibm.com/support/docview.wss?uid=swg21616594

http://www-01.ibm.com/support/docview.wss?uid=swg21616616

http://www-01.ibm.com/support/docview.wss?uid=swg21616617

http://www-01.ibm.com/support/docview.wss?uid=swg21616652

http://www-01.ibm.com/support/docview.wss?uid=swg21616708

http://www-01.ibm.com/support/docview.wss?uid=swg21621154

http://www-01.ibm.com/support/docview.wss?uid=swg21631786

https://exchange.xforce.ibmcloud.com/vulnerabilities/78764

https://www-304.ibm.com/support/docview.wss?uid=swg21616546

Details

Source: MITRE

Published: 2013-01-11

Updated: 2019-07-18

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:* versions from 1.4.2 to 1.4.2.13.13 (inclusive)

cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:* versions from 5.0.0.0 to 5.0.14.0 (inclusive)

cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:* versions from 6.0.0.0 to 6.0.11.0 (inclusive)

cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:* versions from 7.0.0.0 to 7.0.2.0 (inclusive)

cpe:2.3:a:ibm:lotus_domino:8.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.0.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.0.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.0.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.2.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.2.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.1.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.1.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.3.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_sametime:8.0.80407:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_sametime:8.0.80822:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_sametime:8.5.1.20100709-1631:*:*:*:advanced_embedded:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.3:interim_fix_1:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_change:4.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_change:5.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_change:5.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_change:5.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_host_on-demand:1.6.0.12:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_host_on-demand:8.0.8.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_host_on-demand:9.0.8.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_host_on-demand:10.0.9.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_host_on-demand:10.0.10.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_host_on-demand:11.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_host_on-demand:11.0.4.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_host_on-demand:11.0.5.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_host_on-demand:11.0.5.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_host_on-demand:11.0.6.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_host_on-demand:11.0.6.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:service_delivery_manager:7.2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:service_delivery_manager:7.2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:smart_analytics_system_5600_software:-:*:*:*:*:*:*:*

cpe:2.3:a:ibm:smart_analytics_system_5600_software:9.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_remote_control:5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_real_time:2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_real_time:3.0:*:*:*:*:*:*:*

cpe:2.3:a:tivoli_storage_productivity_center:5.0:*:*:*:*:*:*:*:*

cpe:2.3:a:tivoli_storage_productivity_center:5.1:*:*:*:*:*:*:*:*

cpe:2.3:a:tivoli_storage_productivity_center:5.1.1:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:smart_analytics_system_5600:7200:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|----|------|---------|--------|----------|
| 78976 | RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1456) (ROBOT) | Nessus | Red Hat Local Security Checks | critical |
| 78975 | RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1455) (BEAST) (ROBOT) | Nessus | Red Hat Local Security Checks | critical |
| 64063 | RHEL 5 : java-1.4.2-ibm (RHSA-2012:1485) (ROBOT) | Nessus | Red Hat Local Security Checks | critical |
| 63281 | IBM Lotus Notes 8.5.1 / 8.5.2 / 8.5.3 < 8.5.3 FP3 Multiple Vulnerabilities | Nessus | Windows | high |
| 62932 | RHEL 6 : java-1.7.0-ibm (RHSA-2012:1467) (ROBOT) | Nessus | Red Hat Local Security Checks | critical |
| 62931 | RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2012:1466) (ROBOT) | Nessus | Red Hat Local Security Checks | critical |
| 62930 | RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2012:1465) (ROBOT) | Nessus | Red Hat Local Security Checks | critical |