CVE-2012-4820
Description
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method."
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — https://www-304.ibm.com/support/docview.wss?uid=swg21616546
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21631786
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21621154
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21616708
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21616652
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21616617
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21616616
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21616594
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21616490
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21615800
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21615705
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1IV29654
Application impact
References
- http://rhn.redhat.com/errata/RHSA-2012-1465.html
- http://rhn.redhat.com/errata/RHSA-2012-1466.html
- http://rhn.redhat.com/errata/RHSA-2012-1467.html
- http://rhn.redhat.com/errata/RHSA-2013-1455.html
- http://rhn.redhat.com/errata/RHSA-2013-1456.html
- http://seclists.org/bugtraq/2012/Sep/38
- http://secunia.com/advisories/51326
- http://secunia.com/advisories/51327
- http://secunia.com/advisories/51328
- http://secunia.com/advisories/51393
- http://secunia.com/advisories/51634
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV29654
- http://www-01.ibm.com/support/docview.wss?uid=swg21615705
- http://www-01.ibm.com/support/docview.wss?uid=swg21615800
- http://www-01.ibm.com/support/docview.wss?uid=swg21616490
- http://www-01.ibm.com/support/docview.wss?uid=swg21616594
- http://www-01.ibm.com/support/docview.wss?uid=swg21616616
- http://www-01.ibm.com/support/docview.wss?uid=swg21616617
- http://www-01.ibm.com/support/docview.wss?uid=swg21616652
- http://www-01.ibm.com/support/docview.wss?uid=swg21616708
- http://www-01.ibm.com/support/docview.wss?uid=swg21621154
- http://www-01.ibm.com/support/docview.wss?uid=swg21631786
- http://www.securityfocus.com/bid/55495
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78764
- https://www-304.ibm.com/support/docview.wss?uid=swg21616546
Verify integrity in audit chain (admin only). AS-IS.