CVE-2012-4820

critical

Description

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method."

References

https://www-304.ibm.com/support/docview.wss?uid=swg21616546

https://exchange.xforce.ibmcloud.com/vulnerabilities/78764

http://www.securityfocus.com/bid/55495

http://www-01.ibm.com/support/docview.wss?uid=swg21631786

http://www-01.ibm.com/support/docview.wss?uid=swg21621154

http://www-01.ibm.com/support/docview.wss?uid=swg21616708

http://www-01.ibm.com/support/docview.wss?uid=swg21616652

http://www-01.ibm.com/support/docview.wss?uid=swg21616617

http://www-01.ibm.com/support/docview.wss?uid=swg21616616

http://www-01.ibm.com/support/docview.wss?uid=swg21616594

http://www-01.ibm.com/support/docview.wss?uid=swg21616490

http://www-01.ibm.com/support/docview.wss?uid=swg21615800

http://www-01.ibm.com/support/docview.wss?uid=swg21615705

http://www-01.ibm.com/support/docview.wss?uid=swg1IV29654

http://secunia.com/advisories/51634

http://secunia.com/advisories/51393

http://secunia.com/advisories/51328

http://secunia.com/advisories/51327

http://secunia.com/advisories/51326

http://seclists.org/bugtraq/2012/Sep/38

http://rhn.redhat.com/errata/RHSA-2013-1456.html

http://rhn.redhat.com/errata/RHSA-2013-1455.html

http://rhn.redhat.com/errata/RHSA-2012-1467.html

http://rhn.redhat.com/errata/RHSA-2012-1466.html

http://rhn.redhat.com/errata/RHSA-2012-1465.html

Details

Source: Mitre, NVD

Published: 2013-01-11

Updated: 2019-07-18

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical