JDK: java.lang.reflect.Method invoke() code execution

🗓️ 22 Nov 2012 18:09:00Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 1 Views

Unspecified JRE vulnerability enables privilege gain via insecure use of Method invoke under a security manager.

Reporter	Title	Published	Views	Family All 62
IBM Security Bulletins	Security Bulletin: IBM Tivoli Monitoring clients affected by vulnerabilities in IBM JRE excuted under a security manager.	25 Sep 202223:13	–	ibm
IBM Security Bulletins	Security Bulletin: TADDM: Vulnerabilities in embedded JRE	25 Sep 202221:06	–	ibm
IBM Security Bulletins	Security Bulletin: Tivoli Management Framework affected by vulnerabilities in IBM JRE (CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823)	25 Sep 202222:39	–	ibm
IBM Security Bulletins	Security Bulletin: Tivoli Storage Productivity Center clients affected by vulnerabilities in IBM JRE (CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823)	25 Sep 202223:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Smart Analytics System 5600 clients affected by vulnerabilities in IBM JRE (CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823)	25 Sep 202223:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Real Time clients affected by vulnerabilities in IBM JRE (CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823)	26 Sep 202205:45	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in IBM Java SDK (CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823)	25 Sep 202222:39	–	ibm
Check Point Advisories	IBM Java ProxyUtil Sandbox Breach (CVE-2012-4820)	20 Feb 201300:00	–	checkpoint_advisories
Check Point Advisories	IBM Java ProxyUtil Sandbox Breach - Ver2 (CVE-2012-4820)	18 May 201500:00	–	checkpoint_advisories
CVE	CVE-2012-4820	11 Jan 201300:00	–	cve

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	5	i386	java-1.4.2-ibm	0:1.4.2.13.14-1jpp.1.el5_8	java-1.4.2-ibm-0:1.4.2.13.14-1jpp.1.el5_8.i386.rpm
Red Hat Enterprise Linux	5	ia64	java-1.4.2-ibm	0:1.4.2.13.14-1jpp.1.el5_8	java-1.4.2-ibm-0:1.4.2.13.14-1jpp.1.el5_8.ia64.rpm
Red Hat Enterprise Linux	5	ppc	java-1.4.2-ibm	0:1.4.2.13.14-1jpp.1.el5_8	java-1.4.2-ibm-0:1.4.2.13.14-1jpp.1.el5_8.ppc.rpm
Red Hat Enterprise Linux	5	ppc64	java-1.4.2-ibm	0:1.4.2.13.14-1jpp.1.el5_8	java-1.4.2-ibm-0:1.4.2.13.14-1jpp.1.el5_8.ppc64.rpm
Red Hat Enterprise Linux	5	s390	java-1.4.2-ibm	0:1.4.2.13.14-1jpp.1.el5_8	java-1.4.2-ibm-0:1.4.2.13.14-1jpp.1.el5_8.s390.rpm
Red Hat Enterprise Linux	5	s390x	java-1.4.2-ibm	0:1.4.2.13.14-1jpp.1.el5_8	java-1.4.2-ibm-0:1.4.2.13.14-1jpp.1.el5_8.s390x.rpm
Red Hat Enterprise Linux	5	x86_64	java-1.4.2-ibm	0:1.4.2.13.14-1jpp.1.el5_8	java-1.4.2-ibm-0:1.4.2.13.14-1jpp.1.el5_8.x86_64.rpm
Red Hat Enterprise Linux	5	i386	java-1.4.2-ibm-demo	0:1.4.2.13.14-1jpp.1.el5_8	java-1.4.2-ibm-demo-0:1.4.2.13.14-1jpp.1.el5_8.i386.rpm
Red Hat Enterprise Linux	5	ia64	java-1.4.2-ibm-demo	0:1.4.2.13.14-1jpp.1.el5_8	java-1.4.2-ibm-demo-0:1.4.2.13.14-1jpp.1.el5_8.ia64.rpm
Red Hat Enterprise Linux	5	ppc	java-1.4.2-ibm-demo	0:1.4.2.13.14-1jpp.1.el5_8	java-1.4.2-ibm-demo-0:1.4.2.13.14-1jpp.1.el5_8.ppc.rpm

Source	Link
xforce	www.xforce.iss.net/xforce/xfdb/78764
access	www.access.redhat.com/security/cve/CVE-2012-4820
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2012-4820
cve	www.cve.org/CVERecord

21 Nov 2025 17:41Current

5.9Medium risk

Vulners AI Score5.9

CVSS 29.3

EPSS0.08461

java invoke vulnerability security manager risk remote privilege gain vendor java versions