CVE-2012-4820 Information
Description
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method."
Reference
http://rhn.redhat.com/errata/RHSA-2012-1465.html
http://rhn.redhat.com/errata/RHSA-2012-1466.html
http://rhn.redhat.com/errata/RHSA-2012-1467.html
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://rhn.redhat.com/errata/RHSA-2013-1456.html
http://seclists.org/bugtraq/2012/Sep/38
http://secunia.com/advisories/51326
http://secunia.com/advisories/51327
http://secunia.com/advisories/51328
http://secunia.com/advisories/51393
http://secunia.com/advisories/51634
http://www.securityfocus.com/bid/55495
http://www-01.ibm.com/support/docview.wss?uid=swg1IV29654
http://www-01.ibm.com/support/docview.wss?uid=swg21615705
http://www-01.ibm.com/support/docview.wss?uid=swg21615800
http://www-01.ibm.com/support/docview.wss?uid=swg21616490
http://www-01.ibm.com/support/docview.wss?uid=swg21616594
http://www-01.ibm.com/support/docview.wss?uid=swg21616616
http://www-01.ibm.com/support/docview.wss?uid=swg21616617
http://www-01.ibm.com/support/docview.wss?uid=swg21616652
http://www-01.ibm.com/support/docview.wss?uid=swg21616708
http://www-01.ibm.com/support/docview.wss?uid=swg21621154
http://www-01.ibm.com/support/docview.wss?uid=swg21631786
https://exchange.xforce.ibmcloud.com/vulnerabilities/78764
https://www-304.ibm.com/support/docview.wss?uid=swg21616546