Lucene search

[email protected]CVE-2012-4820

HistoryJan 11, 2013 - 12:55 a.m.

CVE-2012-4820

2013-01-1100:55:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2012-4820

jre

ibm java

java vulnerability

remote attackers

security manager

java.lang.reflect.method invoke() method

nvd

4.6 Medium

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.47 Medium

EPSS

Percentile

97.4%

JSON

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to “insecure use of the java.lang.reflect.Method invoke() method.”

CPENameOperatorVersion
ibm:lotus_dominoibm lotus dominoeq8.0.2.4
tivoli_storage_productivity_center:5.1.1tivoli storage productivity center 5.1.1eq*
ibm:lotus_notesibm lotus noteseq8.5.2.1
ibm:lotus_notes_traveleribm lotus notes travelereq8.5.0.0
ibm:lotus_notes_traveleribm lotus notes travelereq8.5.2.1
ibm:lotus_dominoibm lotus dominoeq8.5.2.4
ibm:lotus_notesibm lotus noteseq8.0.2.6
ibm:rational_host_on-demandibm rational host on-demandeq8.0.8.0
ibm:lotus_notesibm lotus noteseq8.5.3
ibm:tivoli_monitoringibm tivoli monitoringeq6.2.0.3

CPE	Name	Operator	Version
ibm:lotus_domino	ibm lotus domino	eq	8.0.2.4
tivoli_storage_productivity_center:5.1.1	tivoli storage productivity center 5.1.1	eq	*
ibm:lotus_notes	ibm lotus notes	eq	8.5.2.1
ibm:lotus_notes_traveler	ibm lotus notes traveler	eq	8.5.0.0
ibm:lotus_notes_traveler	ibm lotus notes traveler	eq	8.5.2.1
ibm:lotus_domino	ibm lotus domino	eq	8.5.2.4
ibm:lotus_notes	ibm lotus notes	eq	8.0.2.6
ibm:rational_host_on-demand	ibm rational host on-demand	eq	8.0.8.0
ibm:lotus_notes	ibm lotus notes	eq	8.5.3
ibm:tivoli_monitoring	ibm tivoli monitoring	eq	6.2.0.3

Rows per page:

1-10 of 1271

References

rhn.redhat.com/errata/RHSA-2012-1465.html

rhn.redhat.com/errata/RHSA-2012-1466.html

rhn.redhat.com/errata/RHSA-2012-1467.html

rhn.redhat.com/errata/RHSA-2013-1455.html

rhn.redhat.com/errata/RHSA-2013-1456.html

seclists.org/bugtraq/2012/Sep/38

secunia.com/advisories/51326

secunia.com/advisories/51327

secunia.com/advisories/51328

secunia.com/advisories/51393

secunia.com/advisories/51634

www-01.ibm.com/support/docview.wss?uid=swg1IV29654

www-01.ibm.com/support/docview.wss?uid=swg21615705

www-01.ibm.com/support/docview.wss?uid=swg21615800

www-01.ibm.com/support/docview.wss?uid=swg21616490

www-01.ibm.com/support/docview.wss?uid=swg21616594

www-01.ibm.com/support/docview.wss?uid=swg21616616

www-01.ibm.com/support/docview.wss?uid=swg21616617

www-01.ibm.com/support/docview.wss?uid=swg21616652

www-01.ibm.com/support/docview.wss?uid=swg21616708

www-01.ibm.com/support/docview.wss?uid=swg21621154

www-01.ibm.com/support/docview.wss?uid=swg21631786

www.securityfocus.com/bid/55495

exchange.xforce.ibmcloud.com/vulnerabilities/78764

www-304.ibm.com/support/docview.wss?uid=swg21616546

4.6 Medium

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.47 Medium

EPSS

Percentile

97.4%

JSON

Related for CVE-2012-4820

checkpoint_advisories2 prion1 nessus7 ibm7 redhat6 veracode22