Vulnerabilities > CVE-2012-4821 - Remote Code Execution vulnerability in IBM Java

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

ibm

tivoli-storage-productivity-center

critical

nessus

NVD

Published: 2013-01-11

Updated: 2019-07-18

Summary

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via "insecure use" of the (1) java.lang.Class getDeclaredMethods or nd (2) java.lang.reflect.AccessibleObject setAccessible() methods.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Java 1.4.2 IBM Java 1.4.2.13 IBM Java 1.4.2.13.1 IBM Java 1.4.2.13.2 IBM Java 1.4.2.13.3 IBM Java 1.4.2.13.4 IBM Java 1.4.2.13.5 IBM Java 1.4.2.13.6 IBM Java 1.4.2.13.7 IBM Java 1.4.2.13.8 IBM Java 1.4.2.13.9 IBM Java 1.4.2.13.10 IBM Java 1.4.2.13.11 IBM Java 1.4.2.13.12 IBM Java 1.4.2.13.13 IBM Java 5.0.0.0 IBM Java 5.0.11.0 IBM Java 5.0.11.1 IBM Java 5.0.11.2 IBM Java 5.0.12.0 IBM Java 5.0.12.1 IBM Java 5.0.12.2 IBM Java 5.0.12.3 IBM Java 5.0.12.4 IBM Java 5.0.12.5 IBM Java 5.0.13.0 IBM Java 5.0.14.0 IBM Java 6.0.0.0 IBM Java 6.0.1.0 IBM Java 6.0.2.0 IBM Java 6.0.3.0 IBM Java 6.0.4.0 IBM Java 6.0.5.0 IBM Java 6.0.6.0 IBM Java 6.0.7.0 IBM Java 6.0.8.0 IBM Java 6.0.8.1 IBM Java 6.0.9.0 IBM Java 6.0.9.1 IBM Java 6.0.9.2 IBM Java 6.0.10.0 IBM Java 6.0.10.1 IBM Java 6.0.11.0 IBM Java 7.0.0.0 IBM Java 7.0.1.0 IBM Java 7.0.2.0 IBM Lotus Domino 8.0 IBM Lotus Domino 8.0.1 IBM Lotus Domino 8.0.2 IBM Lotus Domino 8.0.2.1 IBM Lotus Domino 8.0.2.2 IBM Lotus Domino 8.0.2.3 IBM Lotus Domino 8.0.2.4 IBM Lotus Domino 8.5.0 IBM Lotus Domino 8.5.0.1 IBM Lotus Domino 8.5.1 IBM Lotus Domino 8.5.1.1 IBM Lotus Domino 8.5.1.2 IBM Lotus Domino 8.5.1.3 IBM Lotus Domino 8.5.1.4 IBM Lotus Domino 8.5.1.5 IBM Lotus Domino 8.5.2.0 IBM Lotus Domino 8.5.2.1 IBM Lotus Domino 8.5.2.2 IBM Lotus Domino 8.5.2.3 IBM Lotus Domino 8.5.2.4 IBM Lotus Domino 8.5.3.0 IBM Lotus Domino 8.5.3.1 IBM Lotus Domino 8.5.3.2 IBM Lotus Notes 8.0 IBM Lotus Notes 8.0.0 IBM Lotus Notes 8.0.1 IBM Lotus Notes 8.0.2 IBM Lotus Notes 8.0.2.0 IBM Lotus Notes 8.0.2.1 IBM Lotus Notes 8.0.2.2 IBM Lotus Notes 8.0.2.3 IBM Lotus Notes 8.0.2.4 IBM Lotus Notes 8.0.2.5 IBM Lotus Notes 8.0.2.6 IBM Lotus Notes 8.5 IBM Lotus Notes 8.5.0.0 IBM Lotus Notes 8.5.0.1 IBM Lotus Notes 8.5.1 IBM Lotus Notes 8.5.1.0 IBM Lotus Notes 8.5.1.1 IBM Lotus Notes 8.5.1.2 IBM Lotus Notes 8.5.1.3 IBM Lotus Notes 8.5.1.4 IBM Lotus Notes 8.5.1.5 IBM Lotus Notes 8.5.2.0 IBM Lotus Notes 8.5.2.1 IBM Lotus Notes 8.5.2.2 IBM Lotus Notes 8.5.2.3 IBM Lotus Notes 8.5.3 IBM Lotus Notes 8.5.3.1 IBM Lotus Notes 8.5.3.2 IBM Lotus Notes 8.5.4 IBM Lotus Notes Sametime 8.0.80407 IBM Lotus Notes Sametime 8.0.80822 IBM Lotus Notes Sametime 8.5.1.20100709-1631 IBM Lotus Notes Traveler 8.0 IBM Lotus Notes Traveler 8.0.1 IBM Lotus Notes Traveler 8.0.1.2 IBM Lotus Notes Traveler 8.0.1.3 IBM Lotus Notes Traveler 8.5.0.0 IBM Lotus Notes Traveler 8.5.0.1 IBM Lotus Notes Traveler 8.5.0.2 IBM Lotus Notes Traveler 8.5.1.1 IBM Lotus Notes Traveler 8.5.1.2 IBM Lotus Notes Traveler 8.5.1.3 IBM Lotus Notes Traveler 8.5.2.1 IBM Lotus Notes Traveler 8.5.3 IBM Lotus Notes Traveler 8.5.3.1 IBM Lotus Notes Traveler 8.5.3.2 IBM Lotus Notes Traveler 8.5.3.3 IBM Rational Change 4.7 IBM Rational Change 5.1 IBM Rational Change 5.2 IBM Rational Change 5.3 IBM Rational Host ON Demand 1.6.0.12 IBM Rational Host ON Demand 8.0.8.0 IBM Rational Host ON Demand 9.0.8.0 IBM Rational Host ON Demand 10.0.9.0 IBM Rational Host ON Demand 10.0.10.0 IBM Rational Host ON Demand 11.0.3.0 IBM Rational Host ON Demand 11.0.4.0 IBM Rational Host ON Demand 11.0.5.0 IBM Rational Host ON Demand 11.0.5.1 IBM Rational Host ON Demand 11.0.6.0 IBM Rational Host ON Demand 11.0.6.1 IBM Service Delivery Manager 7.2.1.0 IBM Service Delivery Manager 7.2.2.0 IBM Smart Analytics System 5600 Software - IBM Smart Analytics System 5600 Software 9.7 IBM Tivoli Monitoring 6.1.0 IBM Tivoli Monitoring 6.1.0.7 IBM Tivoli Monitoring 6.2.0 IBM Tivoli Monitoring 6.2.0.1 IBM Tivoli Monitoring 6.2.0.2 IBM Tivoli Monitoring 6.2.0.3 IBM Tivoli Monitoring 6.2.1 IBM Tivoli Monitoring 6.2.1.0 IBM Tivoli Monitoring 6.2.1.1 IBM Tivoli Monitoring 6.2.1.2 IBM Tivoli Monitoring 6.2.1.3 IBM Tivoli Monitoring 6.2.1.4 IBM Tivoli Monitoring 6.2.2 IBM Tivoli Monitoring 6.2.2.0 IBM Tivoli Monitoring 6.2.2.1 IBM Tivoli Monitoring 6.2.2.2 IBM Tivoli Monitoring 6.2.2.3 IBM Tivoli Monitoring 6.2.2.4 IBM Tivoli Monitoring 6.2.2.5 IBM Tivoli Monitoring 6.2.2.6 IBM Tivoli Monitoring 6.2.2.7 IBM Tivoli Monitoring 6.2.2.8 IBM Tivoli Monitoring 6.2.2.9 IBM Tivoli Monitoring 6.2.3 IBM Tivoli Monitoring 6.2.3.0 IBM Tivoli Monitoring 6.2.3.1 IBM Tivoli Monitoring 6.2.3.2 IBM Tivoli Remote Control 5.1.2 IBM Websphere Real Time 2.0 IBM Websphere Real Time 3.0	166
Application	Tivoli_Storage_Productivity_Center Tivoli Storage Productivity Center 5.0 * Tivoli Storage Productivity Center 5.1 * Tivoli Storage Productivity Center 5.1.1 *	3
Hardware	Ibm IBM Smart Analytics System 5600 7200	1

Nessus

NASL family	Windows
NASL id	LOTUS_NOTES_8_5_3_FP3.NASL
description	The remote host has a version of Lotus Notes 8.5.1, 8.5.2, or 8.5.3.x prior to 8.5.3 Fix Pack 3 installed. It is, therefore, reportedly affected by the following vulnerabilities : - The included version of the IBM Java SDK contains a version of the IBM JRE that contains several errors that allow Java code execution outside the Java sandbox. (CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823) - Information disclosure is possible because the application does not set the
last seen	2020-06-01
modified	2020-06-02
plugin id	63281
published	2012-12-17
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/63281
title	IBM Lotus Notes 8.5.1 / 8.5.2 / 8.5.3 < 8.5.3 FP3 Multiple Vulnerabilities

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2012-1467.NASL
description	Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1718, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823, CVE-2012-5067, CVE-2012-5069, CVE-2012-5070, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075, CVE-2012-5076, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5089) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR3 release. All running instances of IBM Java must be restarted for the update to take effect.
last seen	2020-06-01
modified	2020-06-02
plugin id	62932
published	2012-11-16
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/62932
title	RHEL 6 : java-1.7.0-ibm (RHSA-2012:1467) (ROBOT)

Redhat

advisories

rhsa

id	RHSA-2012:1467

rpms

java-1.7.0-ibm-1:1.7.0.3.0-1jpp.2.el6_3
java-1.7.0-ibm-demo-1:1.7.0.3.0-1jpp.2.el6_3
java-1.7.0-ibm-devel-1:1.7.0.3.0-1jpp.2.el6_3
java-1.7.0-ibm-jdbc-1:1.7.0.3.0-1jpp.2.el6_3
java-1.7.0-ibm-plugin-1:1.7.0.3.0-1jpp.2.el6_3
java-1.7.0-ibm-src-1:1.7.0.3.0-1jpp.2.el6_3

Summary

Vulnerable Configurations

Nessus

Redhat

References