CVE-2012-4823

HIGH
Description

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Delivery Manager; and other products from other vendors such as Red Hat, allows remote attackers to execute arbitrary code via vectors related to "insecure use of the java.lang.ClassLoader defineClass() method."

References

http://rhn.redhat.com/errata/RHSA-2012-1466.html

http://rhn.redhat.com/errata/RHSA-2012-1467.html

http://rhn.redhat.com/errata/RHSA-2013-1455.html

http://rhn.redhat.com/errata/RHSA-2013-1456.html

http://seclists.org/bugtraq/2012/Sep/38

http://secunia.com/advisories/51326

http://secunia.com/advisories/51327

http://secunia.com/advisories/51634

http://www.securityfocus.com/bid/55495

http://www-01.ibm.com/support/docview.wss?uid=swg1IV29687

http://www-01.ibm.com/support/docview.wss?uid=swg21615705

http://www-01.ibm.com/support/docview.wss?uid=swg21615800

http://www-01.ibm.com/support/docview.wss?uid=swg21616490

http://www-01.ibm.com/support/docview.wss?uid=swg21616594

http://www-01.ibm.com/support/docview.wss?uid=swg21616616

http://www-01.ibm.com/support/docview.wss?uid=swg21616617

http://www-01.ibm.com/support/docview.wss?uid=swg21616652

http://www-01.ibm.com/support/docview.wss?uid=swg21616708

http://www-01.ibm.com/support/docview.wss?uid=swg21621154

https://exchange.xforce.ibmcloud.com/vulnerabilities/78767

https://www-304.ibm.com/support/docview.wss?uid=swg21616546

Details

Source: MITRE

Published: 2013-01-11

Updated: 2019-07-18

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:* versions from 1.4.2 to 1.4.2.13.13 (inclusive)

cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:* versions from 5.0.0.0 to 5.0.14.0 (inclusive)

cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:* versions from 6.0.0.0 to 6.0.11.0 (inclusive)

cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:* versions from 7.0.0.0 to 7.0.2.0 (inclusive)

cpe:2.3:a:ibm:lotus_domino:8.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.0.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.0.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.0.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.2.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.2.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.1.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.1.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.3.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_sametime:8.0.80407:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_sametime:8.0.80822:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_sametime:8.5.1.20100709-1631:*:*:*:advanced_embedded:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.3:interim_fix_1:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_change:4.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_change:5.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_change:5.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_change:5.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_host_on-demand:1.6.0.12:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_host_on-demand:8.0.8.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_host_on-demand:9.0.8.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_host_on-demand:10.0.9.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_host_on-demand:10.0.10.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_host_on-demand:11.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_host_on-demand:11.0.4.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_host_on-demand:11.0.5.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_host_on-demand:11.0.5.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_host_on-demand:11.0.6.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_host_on-demand:11.0.6.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:service_delivery_manager:7.2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:service_delivery_manager:7.2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:smart_analytics_system_5600_software:-:*:*:*:*:*:*:*

cpe:2.3:a:ibm:smart_analytics_system_5600_software:9.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_remote_control:5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_real_time:2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_real_time:3.0:*:*:*:*:*:*:*

cpe:2.3:a:tivoli_storage_productivity_center:5.0:*:*:*:*:*:*:*:*

cpe:2.3:a:tivoli_storage_productivity_center:5.1:*:*:*:*:*:*:*:*

cpe:2.3:a:tivoli_storage_productivity_center:5.1.1:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:smart_analytics_system_5600:7200:*:*:*:*:*:*:*

Tenable Plugins

ID | Name | Product | Family | Severity
78976 | RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1456) (ROBOT) | Nessus | Red Hat Local Security Checks | critical
78975 | RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1455) (BEAST) (ROBOT) | Nessus | Red Hat Local Security Checks | critical
63281 | IBM Lotus Notes 8.5.1 / 8.5.2 / 8.5.3 < 8.5.3 FP3 Multiple Vulnerabilities | Nessus | Windows | high
62932 | RHEL 6 : java-1.7.0-ibm (RHSA-2012:1467) (ROBOT) | Nessus | Red Hat Local Security Checks | critical
62931 | RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2012:1466) (ROBOT) | Nessus | Red Hat Local Security Checks | critical