Remote Code Execution Vulnerability in IBM Java Products
CVE-2012-4823
Currently unrated
Key Information:
- Vendor: IBM
- CVE Published: 11 January 2013
Summary
An unspecified vulnerability exists in the JRE component of IBM Java, affecting various versions up to and including Java 7 SR2. This flaw enables remote attackers to execute arbitrary code on targeted systems by exploiting insecure usage of the java.lang.ClassLoader defineClass() method. The vulnerability impacts a range of IBM products, including Rational Host On-Demand and Tivoli Monitoring, as well as other software from third-party vendors like Red Hat.
EPSS Score
13% chance of being exploited in the next 30 days.