Vulnerability Details : CVE-2012-4821
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via "insecure use" of the (1) java.lang.Class getDeclaredMethods or nd (2) java.lang.reflect.AccessibleObject setAccessible() methods.
Vulnerability category: Execute code
Products affected by CVE-2012-4821
- cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.0.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes:8.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.0.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.3:interim_fix_1:*:*:*:*:*:*
- cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_host_on-demand:1.6.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_host_on-demand:11.0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_host_on-demand:11.0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_host_on-demand:11.0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_host_on-demand:8.0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_host_on-demand:9.0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_host_on-demand:10.0.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_host_on-demand:10.0.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_host_on-demand:11.0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_host_on-demand:11.0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_host_on-demand:11.0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_change:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_change:4.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_change:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_change:5.3:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:smart_analytics_system_5600:7200:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:smart_analytics_system_5600_software:9.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:smart_analytics_system_5600_software:-:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_remote_control:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_real_time:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_real_time:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_sametime:8.0.80407:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_sametime:8.0.80822:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_notes_sametime:8.5.1.20100709-1631:*:*:*:advanced_embedded:*:*:*
- cpe:2.3:a:ibm:service_delivery_manager:7.2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:service_delivery_manager:7.2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:tivoli_storage_productivity_center:5.1.1:*:*:*:*:*:*:*:*
- cpe:2.3:a:tivoli_storage_productivity_center:5.1:*:*:*:*:*:*:*:*
- cpe:2.3:a:tivoli_storage_productivity_center:5.0:*:*:*:*:*:*:*:*
Threat overview for CVE-2012-4821
Top countries where our scanners detected CVE-2012-4821
Top open port discovered on systems with this issue
110
IPs affected by CVE-2012-4821 898
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2012-4821!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2012-4821
52.76%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-4821
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
References for CVE-2012-4821
-
http://www-01.ibm.com/support/docview.wss?uid=swg21616616
IBM Security Bulletin: IBM WebSphere Real Time clients affected by vulnerabilities in IBM JRE (CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823)Vendor Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg21616594
IBM notice: The page you requested cannot be displayedVendor Advisory
-
http://seclists.org/bugtraq/2012/Sep/38
Bugtraq: [SE-2012-01] Security vulnerabilities in IBM JavaMailing List;Third Party Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg21616617
IBM Security Bulletin: Vulnerabilities in IBM Java SDK (CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823)Vendor Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg21615705
IBM notice: The page you requested cannot be displayedVendor Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IV29659
IBM IV29659: FIX SECURITY VULNERABILITY CVE-2012-4821Vendor Advisory
-
https://www-304.ibm.com/support/docview.wss?uid=swg21616546
IBM notice: The page you requested cannot be displayedVendor Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg21616490
IBM Security Bulletin: IBM Tivoli Monitoring clients affected by vulnerabilities in IBM JRE excuted under a security manager.Vendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2012-1467.html
RHSA-2012:1467 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg21616708
IBM notice: The page you requested cannot be displayedVendor Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg21621154
IBM notice: The page you requested cannot be displayedVendor Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg21616652
IBM Security Bulletin: IBM Lotus Notes & Domino affected by vulnerabilities in IBM JRE (CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823)Vendor Advisory
-
http://www.securityfocus.com/bid/55495
IBM Java Multiple Remote Code Execution VulnerabilitiesThird Party Advisory;VDB Entry
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/78765
IBM Java getDeclaredMethods() and setAccessible() code execution CVE-2012-4821 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://www-01.ibm.com/support/docview.wss?uid=swg21615800
IBM notice: The page you requested cannot be displayedVendor Advisory
Jump to