CVE-2012-4821
Description
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via "insecure use" of the (1) java.lang.Class getDeclaredMethods or nd (2) java.lang.reflect.AccessibleObject setAccessible() methods.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — https://www-304.ibm.com/support/docview.wss?uid=swg21616546
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21621154
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21616708
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21616652
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21616617
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21616616
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21616594
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21616490
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21615800
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21615705
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1IV29659
Application impact
References
- http://rhn.redhat.com/errata/RHSA-2012-1467.html
- http://seclists.org/bugtraq/2012/Sep/38
- http://secunia.com/advisories/51326
- http://secunia.com/advisories/51634
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV29659
- http://www-01.ibm.com/support/docview.wss?uid=swg21615705
- http://www-01.ibm.com/support/docview.wss?uid=swg21615800
- http://www-01.ibm.com/support/docview.wss?uid=swg21616490
- http://www-01.ibm.com/support/docview.wss?uid=swg21616594
- http://www-01.ibm.com/support/docview.wss?uid=swg21616616
- http://www-01.ibm.com/support/docview.wss?uid=swg21616617
- http://www-01.ibm.com/support/docview.wss?uid=swg21616652
- http://www-01.ibm.com/support/docview.wss?uid=swg21616708
- http://www-01.ibm.com/support/docview.wss?uid=swg21621154
- http://www.securityfocus.com/bid/55495
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78765
- https://www-304.ibm.com/support/docview.wss?uid=swg21616546
- http://rhn.redhat.com/errata/RHSA-2012-1467.html
- http://seclists.org/bugtraq/2012/Sep/38
- http://secunia.com/advisories/51326
- http://secunia.com/advisories/51634
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV29659
- http://www-01.ibm.com/support/docview.wss?uid=swg21615705
- http://www-01.ibm.com/support/docview.wss?uid=swg21615800
- http://www-01.ibm.com/support/docview.wss?uid=swg21616490
Verify integrity in audit chain (admin only). AS-IS.