Vulnerability Details : CVE-2012-4820
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Delivery Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method."
Products affected by CVE-2012-4820
- cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.0.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.3:interim_fix_1:*:*:*:*:*:*
- cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_host_on-demand:1.6.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_host_on-demand:11.0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_host_on-demand:11.0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_host_on-demand:11.0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_host_on-demand:8.0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_host_on-demand:9.0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_host_on-demand:10.0.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_host_on-demand:10.0.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_host_on-demand:11.0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_host_on-demand:11.0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_host_on-demand:11.0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_change:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_change:4.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_change:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_change:5.3:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:smart_analytics_system_5600:7200:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:smart_analytics_system_5600_software:9.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:smart_analytics_system_5600_software:-:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_remote_control:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_real_time:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_real_time:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_sametime:8.0.80407:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_sametime:8.0.80822:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_sametime:8.5.1.20100709-1631:*:*:*:advanced_embedded:*:*:*
- cpe:2.3:a:ibm:service_delivery_manager:7.2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:service_delivery_manager:7.2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:tivoli_storage_productivity_center:5.1.1:*:*:*:*:*:*:*:*
- cpe:2.3:a:tivoli_storage_productivity_center:5.1:*:*:*:*:*:*:*:*
- cpe:2.3:a:tivoli_storage_productivity_center:5.0:*:*:*:*:*:*:*:*
Threat overview for CVE-2012-4820
- Top open port discovered on systems with this issue: 110
- IPs affected by CVE-2012-4820: 898
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2012-4820
- EPSS score: 25.88% (probability of exploitation activity in the next 30 days)
- Percentile: ~97% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2012-4820
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
References for CVE-2012-4820
- http://www-01.ibm.com/support/docview.wss?uid=swg21616616
  IBM Security Bulletin: IBM WebSphere Real Time clients affected by vulnerabilities in IBM JRE (CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823) (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2012-1465.html
  RHSA-2012:1465 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21616594
  (Vendor Advisory)
- http://seclists.org/bugtraq/2012/Sep/38
  Bugtraq: [SE-2012-01] Security vulnerabilities in IBM Java (Mailing List; Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21616617
  IBM Security Bulletin: Vulnerabilities in IBM Java SDK (CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823) (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21615705
  (Vendor Advisory)
- https://www-304.ibm.com/support/docview.wss?uid=swg21616546
  (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-1455.html
  RHSA-2013:1455 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21616490
  IBM Security Bulletin: IBM Tivoli Monitoring clients affected by vulnerabilities in IBM JRE executed under a security manager. (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-1456.html
  RHSA-2013:1456 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2012-1467.html
  RHSA-2012:1467 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21631786
  IBM Security Bulletin: TADDM: Vulnerabilities in embedded JRE (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV29654
  IBM IV29654: FIX SECURITY VULNERABILITY CVE-2012-4820 (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2012-1466.html
  RHSA-2012:1466 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21616708
  (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21621154
  (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21616652
  IBM Security Bulletin: IBM Lotus Notes & Domino affected by vulnerabilities in IBM JRE (CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823) (Vendor Advisory)
- http://www.securityfocus.com/bid/55495
  IBM Java Multiple Remote Code Execution Vulnerabilities (Third Party Advisory; VDB Entry)
- http://www-01.ibm.com/support/docview.wss?uid=swg21615800
  (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78764
  IBM Java java.lang.reflect.Method invoke() code execution CVE-2012-4820 Vulnerability Report (Third Party Advisory; VDB Entry)