PT-2013-1718 · IBM · IBM WebSphere Real Time

Adam Gowdiak · Published 2012-11-15 · Updated 2019-07-18 · CVE-2012-4820

CVSS v2.0: 9.3 (High) · Vector AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

IBM Java 7 versions prior to SR2
IBM Java 6.0.1 versions prior to SR3
IBM Java 6 versions prior to SR11
IBM Java 5 versions prior to SR14
IBM Java 1.4.2 (written "142" in the CVE record) versions prior to SR13 FP13
IBM Rational Host On-Demand (affected versions not specified)
IBM Rational Change (affected versions not specified)
IBM Tivoli Monitoring (affected versions not specified)
IBM Smart Analytics System 5600 (affected versions not specified)
IBM Tivoli Remote Control 5.1.2 (affected versions not specified)
IBM WebSphere Real Time (affected versions not specified)
IBM Lotus Notes & Domino (affected versions not specified)
IBM Tivoli Storage Productivity Center (affected versions not specified)
IBM Service Delivery Manager (affected versions not specified)
Description

A flaw in how the IBM JVM handles java.lang.reflect.Method.invoke() allows code running under a security manager (in practice untrusted code such as a Java applet or Web Start application) to modify or remove that security manager. Because the security manager is the only thing enforcing the Java sandbox, removing it gives the untrusted code the full privileges of the user running the JVM. A remote attacker who persuades a victim to load malicious Java content therefore gains privileges on the victim's system, which is why the issue carries complete confidentiality, integrity and availability impact (CVSS 9.3). The other products listed are affected because they bundle the IBM JVM.
Recommendations

Update IBM Java to a fixed service release: 7 SR2 or later, 6.0.1 SR3 or later, 6 SR11 or later, 5 SR14 or later, or 1.4.2 SR13 FP13 or later. The fixed service release itself contains the fix; only releases before it are affected. For the other listed products, which ship the IBM JVM, apply the updates IBM provides for each product; the RHSA advisories under Related Identifiers cover the IBM Java packages Red Hat distributes. Until the update is applied, the practical mitigation is not to run untrusted Java code on the affected JVM: the flaw is only reachable by code already running under a security manager, so disabling the Java browser plug-in and the Web Start file association removes the remote vector. Restricting java.lang.reflect.Method.invoke() itself is not a workable control, since reflection is used pervasively by legitimate code and the defect lies in the JVM's handling of the call, not in applications that use it. After patching, confirm that the JVM still refuses to let sandboxed code remove the security manager, whether the call is made directly or through reflection.
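The following check is an added example, not part of the original advisory or of any IBM code. It verifies the property the vulnerability broke: under a security manager, a call to System.setSecurityManager(null) must throw SecurityException whether it is made directly or through java.lang.reflect.Method.invoke(). It does not reproduce the IBM-specific bypass; it only confirms that a patched JVM enforces the RuntimePermission("setSecurityManager") check on the reflective path. The class name and the exit-code convention are this example's own choices.

```java
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;

/**
 * Added verification check (not from the advisory): confirms that a JVM
 * running under a SecurityManager refuses to let unprivileged code remove
 * that manager, both directly and via Method.invoke(), which is the vector
 * CVE-2012-4820 abused on unpatched IBM JVMs.
 *
 * Compile and run with the default security manager and no extra policy:
 *   javac SecurityManagerCheck.java
 *   java -Djava.security.manager SecurityManagerCheck
 * Exit code 0 means both removal attempts were blocked.
 * Note: the SecurityManager is deprecated from JDK 17 and cannot be enabled
 * at all from JDK 24 (JEP 486), so this check is meaningful only on older JVMs
 * such as the IBM Java 5/6/7 releases the advisory covers.
 */
public class SecurityManagerCheck {

    /** Direct removal attempt; true means the JVM blocked it as it should. */
    static boolean directRemovalBlocked() {
        try {
            System.setSecurityManager(null);
            return false;               // no exception: the sandbox is gone
        } catch (SecurityException expected) {
            return true;                // RuntimePermission("setSecurityManager") denied
        }
    }

    /**
     * Same removal through reflection. A correct JVM performs the identical
     * permission check inside setSecurityManager, so invoke() must fail with
     * an InvocationTargetException wrapping a SecurityException.
     */
    static boolean reflectiveRemovalBlocked() throws NoSuchMethodException, IllegalAccessException {
        Method setSm = System.class.getMethod("setSecurityManager", SecurityManager.class);
        try {
            // Explicit Object[] so the single null argument is not mistaken for an empty varargs array.
            setSm.invoke(null, new Object[] { null });
            return false;               // reflective call succeeded: bypass present
        } catch (InvocationTargetException e) {
            return e.getCause() instanceof SecurityException;
        }
    }

    public static void main(String[] args) throws Exception {
        if (System.getSecurityManager() == null) {
            System.err.println("No SecurityManager installed; run with -Djava.security.manager");
            System.exit(2);
        }
        boolean direct = directRemovalBlocked();
        boolean reflective = reflectiveRemovalBlocked();
        boolean stillPresent = System.getSecurityManager() != null;
        System.out.println("direct setSecurityManager(null) blocked:     " + direct);
        System.out.println("reflective Method.invoke() removal blocked:  " + reflective);
        System.out.println("SecurityManager still installed afterwards:  " + stillPresent);
        System.exit(direct && reflective && stillPresent ? 0 : 1);
    }
}
```

If the reflective attempt succeeds while the direct one is blocked, the JVM is treating Method.invoke() as a trusted caller and the sandbox can be disabled by any code that can reach reflection; that is the condition the IBM service releases above correct. Run the check only against a JVM you are evaluating, since a successful removal leaves the process without a sandbox until it exits.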


Related Identifiers

CVE-2012-4820
RHSA-2012:1465
RHSA-2012:1466
RHSA-2012:1467
RHSA-2012:1485
RHSA-2013:1455
RHSA-2013:1456

Affected Products

IBM Java
IBM Lotus Notes & Domino
IBM Rational Change
IBM Rational Host On-Demand
IBM Service Delivery Manager
IBM Smart Analytics System 5600
IBM Tivoli Monitoring
IBM Tivoli Remote Control
IBM Tivoli Storage Productivity Center
IBM WebSphere Real Time
Red Hat