PT-2013-1719

Adam Gowdiak · Published 2012-11-15 · Updated 2019-07-18

CVE-2012-4821

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

IBM Java versions 7 SR2 and earlier
IBM Java versions 6.0.1 SR3 and earlier
IBM Java versions 6 SR11 and earlier
IBM Java versions 5 SR14 and earlier
IBM Java 142 SR13 FP13 and earlier
IBM Rational Host On-Demand (affected versions not specified)
IBM Rational Change (affected versions not specified)
IBM Tivoli Monitoring (affected versions not specified)
IBM Smart Analytics System 5600 (affected versions not specified)
IBM Tivoli Remote Control 5.1.2
IBM WebSphere Real Time (affected versions not specified)
IBM Lotus Notes & Domino (affected versions not specified)
IBM Tivoli Storage Productivity Center (affected versions not specified)
IBM Service Deliver Manager (affected versions not specified)
Description

The issue allows remote attackers to execute arbitrary code via insecure use of the java.lang.Class getDeclaredMethods() and java.lang.reflect.AccessibleObject setAccessible() methods. This affects various IBM products, including IBM Java, IBM Rational Host On-Demand, IBM Rational Change, IBM Tivoli Monitoring, IBM Smart Analytics System 5600, IBM Tivoli Remote Control, IBM WebSphere Real Time, IBM Lotus Notes & Domino, IBM Tivoli Storage Productivity Center, and IBM Service Deliver Manager.
Recommendations

For IBM Java versions 7 SR2 and earlier, update to a version later than 7 SR2.
For IBM Java versions 6.0.1 SR3 and earlier, update to a version later than 6.0.1 SR3.
For IBM Java versions 6 SR11 and earlier, update to a version later than 6 SR11.
For IBM Java versions 5 SR14 and earlier, update to a version later than 5 SR14.
For IBM Java 142 SR13 FP13 and earlier, update to a version later than 142 SR13 FP13.
For other affected products, apply the recommended updates or patches as provided by the vendor.
As a temporary workaround, consider restricting access to the java.lang.Class getDeclaredMethods() and java.lang.reflect.AccessibleObject setAccessible() methods until a patch is available.


Related Identifiers

CVE-2012-4821
RHSA-2012:1467
RHSA-2012_1467

Affected Products

Ibm Java
Ibm Lotus Notes & Domino
Ibm Rational Change
Ibm Rational Host On-Demand
Service Deliver Manager
Smart Analytics System 5600
Ibm Tivoli Monitoring
Ibm Tivoli Remote Control
Ibm Tivoli Storage Productivity Center
Ibm Websphere Real Time
Red Hat