AI Score: 5.5 Medium (Confidence: High)
CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.124 Low (Percentile: 95.4%)
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Delivery Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via “insecure use” of the (1) java.lang.Class getDeclaredMethods or (2) java.lang.reflect.AccessibleObject setAccessible() methods.
rhn.redhat.com/errata/RHSA-2012-1467.html
seclists.org/bugtraq/2012/Sep/38
secunia.com/advisories/51326
secunia.com/advisories/51634
www-01.ibm.com/support/docview.wss?uid=swg1IV29659
www-01.ibm.com/support/docview.wss?uid=swg21615705
www-01.ibm.com/support/docview.wss?uid=swg21615800
www-01.ibm.com/support/docview.wss?uid=swg21616490
www-01.ibm.com/support/docview.wss?uid=swg21616594
www-01.ibm.com/support/docview.wss?uid=swg21616616
www-01.ibm.com/support/docview.wss?uid=swg21616617
www-01.ibm.com/support/docview.wss?uid=swg21616652
www-01.ibm.com/support/docview.wss?uid=swg21616708
www-01.ibm.com/support/docview.wss?uid=swg21621154
www.securityfocus.com/bid/55495
exchange.xforce.ibmcloud.com/vulnerabilities/78765
www-304.ibm.com/support/docview.wss?uid=swg21616546