PT-2013-1721 · IBM · IBM Rational Host On-Demand

Adam Gowdiak · Published 2012-11-15 · Updated 2019-07-18 · CVE-2012-4823

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

IBM Java versions 7 SR2 and earlier
IBM Java versions 6.0.1 SR3 and earlier
IBM Java versions 6 SR11 and earlier
IBM Java versions 5 SR14 and earlier
IBM Java 142 SR13 FP13 and earlier

Description

The issue allows remote attackers to execute arbitrary code via vectors related to insecure use of the java.lang.ClassLoader defineClass() method. This affects various IBM products, including IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager, as well as products from other vendors such as Red Hat.

Recommendations

For IBM Java versions 7 SR2 and earlier, update to a version later than 7 SR2.
For IBM Java versions 6.0.1 SR3 and earlier, update to a version later than 6.0.1 SR3.
For IBM Java versions 6 SR11 and earlier, update to a version later than 6 SR11.
For IBM Java versions 5 SR14 and earlier, update to a version later than 5 SR14.
For IBM Java 142 SR13 FP13 and earlier, update to a version later than 142 SR13 FP13.

As a temporary workaround, consider restricting the use of the java.lang.ClassLoader defineClass() method until a patch is available.


Related Identifiers

CVE-2012-4823
RHSA-2012:1466
RHSA-2012:1467
RHSA-2012_1466
RHSA-2012_1467
RHSA-2013:1455
RHSA-2013:1456

Affected Products

IBM Java
IBM Rational Host On-Demand
Lotus Notes & Domino
Rational Change
Red Hat
Service Deliver Manager
Smart Analytics System 5600
Tivoli Monitoring
IBM Tivoli Remote Control
IBM Tivoli Storage Productivity Center
IBM WebSphere Real Time