IBM Java Multiple Unspecified Method Sandbox Bypass Arbitrary Code Execution Vulnerabilities
Severity: CRITICAL
CVE Identifier: CVE-2012-4822
Advisory Date: JUL 21, 2015
DESCRIPTION
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to "insecure use [of] multiple methods in the java.lang.class class."
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1005406
Trend Micro Deep Security DPI Rule Name: 1005406 - IBM Java Multiple Unspecified Method Sandbox Bypass Arbitrary Code Execution Vulnerabilities
AFFECTED SOFTWARE AND VERSION
- ibm java 1.4.2
- ibm java 1.4.2.13
- ibm java 1.4.2.13.1
- ibm java 1.4.2.13.10
- ibm java 1.4.2.13.11
- ibm java 1.4.2.13.12
- ibm java 1.4.2.13.13
- ibm java 1.4.2.13.2
- ibm java 1.4.2.13.3
- ibm java 1.4.2.13.4
- ibm java 1.4.2.13.5
- ibm java 1.4.2.13.6
- ibm java 1.4.2.13.7
- ibm java 1.4.2.13.8
- ibm java 1.4.2.13.9
- ibm java 5.0.0.0
- ibm java 5.0.11.1
- ibm java 5.0.11.2
- ibm java 5.0.12.0
- ibm java 5.0.12.1
- ibm java 5.0.12.2
- ibm java 5.0.12.3
- ibm java 5.0.12.4
- ibm java 5.0.12.5
- ibm java 5.0.13.0
- ibm java 5.0.14.0
- ibm java 6.0.0.0
- ibm java 6.0.1.0
- ibm java 6.0.10.0
- ibm java 6.0.10.1
- ibm java 6.0.11.0
- ibm java 6.0.2.0
- ibm java 6.0.3.0
- ibm java 6.0.7.0
- ibm java 6.0.8.0
- ibm java 6.0.8.1
- ibm java 6.0.9.0
- ibm java 6.0.9.1
- ibm java 6.0.9.2
- ibm java 7.0.0.0
- ibm java 7.0.1.0
- ibm java 7.0.2.0
- ibm java 7.0.3.0
- ibm lotus_domino 8.0
- ibm lotus_domino 8.0.1
- ibm lotus_domino 8.0.2
- ibm lotus_domino 8.0.2.1
- ibm lotus_domino 8.0.2.2
- ibm lotus_domino 8.0.2.3
- ibm lotus_domino 8.0.2.4
- ibm lotus_domino 8.5.0
- ibm lotus_domino 8.5.0.1
- ibm lotus_domino 8.5.1
- ibm lotus_domino 8.5.1.1
- ibm lotus_domino 8.5.1.2
- ibm lotus_domino 8.5.1.3
- ibm lotus_domino 8.5.1.4
- ibm lotus_domino 8.5.1.5
- ibm lotus_domino 8.5.2.0
- ibm lotus_domino 8.5.2.1
- ibm lotus_domino 8.5.2.2
- ibm lotus_domino 8.5.2.3
- ibm lotus_domino 8.5.2.4
- ibm lotus_domino 8.5.3.0
- ibm lotus_domino 8.5.3.1
- ibm lotus_domino 8.5.3.2
- ibm lotus_notes 8.0
- ibm lotus_notes 8.0.0
- ibm lotus_notes 8.0.1
- ibm lotus_notes 8.0.2
- ibm lotus_notes 8.0.2.0
- ibm lotus_notes 8.0.2.1
- ibm lotus_notes 8.0.2.2
- ibm lotus_notes 8.0.2.3
- ibm lotus_notes 8.0.2.4
- ibm lotus_notes 8.0.2.5
- ibm lotus_notes 8.0.2.6
- ibm lotus_notes 8.5
- ibm lotus_notes 8.5.0.0
- ibm lotus_notes 8.5.0.1
- ibm lotus_notes 8.5.1
- ibm lotus_notes 8.5.1.0
- ibm lotus_notes 8.5.1.1
- ibm lotus_notes 8.5.1.2
- ibm lotus_notes 8.5.1.3
- ibm lotus_notes 8.5.1.4
- ibm lotus_notes 8.5.1.5
- ibm lotus_notes 8.5.2.0
- ibm lotus_notes 8.5.2.1
- ibm lotus_notes 8.5.2.2
- ibm lotus_notes 8.5.2.3
- ibm lotus_notes 8.5.3
- ibm lotus_notes 8.5.3.1
- ibm lotus_notes 8.5.3.2
- ibm lotus_notes 8.5.4
- ibm lotus_notes_sametime 8.0.80407
- ibm lotus_notes_sametime 8.0.80822
- ibm lotus_notes_sametime 8.5.1.20100709-1631
- ibm lotus_notes_traveler 8.0
- ibm lotus_notes_traveler 8.0.1
- ibm lotus_notes_traveler 8.0.1.2
- ibm lotus_notes_traveler 8.0.1.3
- ibm lotus_notes_traveler 8.5.0.0
- ibm lotus_notes_traveler 8.5.0.1
- ibm lotus_notes_traveler 8.5.0.2
- ibm lotus_notes_traveler 8.5.1.1
- ibm lotus_notes_traveler 8.5.1.2
- ibm lotus_notes_traveler 8.5.1.3
- ibm lotus_notes_traveler 8.5.2.1
- ibm lotus_notes_traveler 8.5.3
- ibm lotus_notes_traveler 8.5.3.1
- ibm lotus_notes_traveler 8.5.3.2
- ibm lotus_notes_traveler 8.5.3.3
- ibm rational_change 4.7
- ibm rational_change 5.1
- ibm rational_change 5.2
- ibm rational_change 5.3
- ibm rational_host_on-demand 1.6.0.12
- ibm rational_host_on-demand 10.0.10.0
- ibm rational_host_on-demand 10.0.9.0
- ibm rational_host_on-demand 11.0.3.0
- ibm rational_host_on-demand 11.0.4.0
- ibm rational_host_on-demand 11.0.5.0
- ibm rational_host_on-demand 11.0.5.1
- ibm rational_host_on-demand 11.0.6.0
- ibm rational_host_on-demand 11.0.6.1
- ibm rational_host_on-demand 8.0.8.0
- ibm rational_host_on-demand 9.0.8.0
- ibm service_delivery_manager 7.2.1.0
- ibm service_delivery_manager 7.2.2.0
- ibm smart_analytics_system_5600 7200
- ibm smart_analytics_system_5600_software -
- ibm smart_analytics_system_5600_software 9.7
- ibm tivoli_monitoring 6.1.0
- ibm tivoli_monitoring 6.1.0.7
- ibm tivoli_monitoring 6.2.0
- ibm tivoli_monitoring 6.2.0.1
- ibm tivoli_monitoring 6.2.0.2
- ibm tivoli_monitoring 6.2.0.3
- ibm tivoli_monitoring 6.2.1
- ibm tivoli_monitoring 6.2.1.0
- ibm tivoli_monitoring 6.2.1.1
- ibm tivoli_monitoring 6.2.1.2
- ibm tivoli_monitoring 6.2.1.3
- ibm tivoli_monitoring 6.2.1.4
- ibm tivoli_monitoring 6.2.2
- ibm tivoli_monitoring 6.2.2.0
- ibm tivoli_monitoring 6.2.2.1
- ibm tivoli_monitoring 6.2.2.2
- ibm tivoli_monitoring 6.2.2.3
- ibm tivoli_monitoring 6.2.2.4
- ibm tivoli_monitoring 6.2.2.5
- ibm tivoli_monitoring 6.2.2.6
- ibm tivoli_monitoring 6.2.2.7
- ibm tivoli_monitoring 6.2.2.8
- ibm tivoli_monitoring 6.2.2.9
- ibm tivoli_monitoring 6.2.3
- ibm tivoli_monitoring 6.2.3.0
- ibm tivoli_monitoring 6.2.3.1
- ibm tivoli_monitoring 6.2.3.2
- ibm tivoli_remote_control 5.1.2
- ibm websphere_real_time 2.0
- ibm websphere_real_time 3.0
- tivoli_storage_productivity_center 5.0
- tivoli_storage_productivity_center 5.1
- tivoli_storage_productivity_center 5.1.1
Featured Stories
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more
Abusing Argo CD, Helm, and Artifact Hub: An Analysis of Supply Chain Attacks in Cloud-Native ApplicationsWe provide an overview of cloud-native tools and examine how cybercriminals can exploit their vulnerabilities to launch supply chain attacks.Read more