CVE-2012-4820

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Domino; 5.1.1; Lotus Notes; Lotus Notes Traveler
Vendor: CVE Published:; 11 January 2013

Summary

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method."

References

http://rhn.redhat.com/errata/RHSA-2012-1466.html

vendor-advisoryx_refsource_REDHAT

http://www-01.ibm.com/support/docview.wss?uid=swg21616616

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21616594

x_refsource_CONFIRM

EPSS Score

20% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 11, 2013
Vulnerability Reserved
Sep 6, 2012