CVE-2012-4821

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via "insecure use" of the (1) java.lang.Class getDeclaredMethods or nd (2) java.lang.reflect.AccessibleObject setAccessible() methods.

Published: 2013-01-10 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2012-4821 is rated High Risk (71.8/100): CVSS Critical severity, with high exploitation likelihood (EPSS 6.93%, 93th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. EPSS rose +1.92% over the last day, indicating growing attacker interest. High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2012-4821

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 5.01% 6.93% +1.92%
2 2026-02-18 6.65% 5.01% -1.64%
3 2025-12-28 6.65%

Full EPSS history (13 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2012-4821

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
9.3 2.0 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 8.6 10.0 [email protected]

Weakness enumeration for CVE-2012-4821

OS Trackers for CVE-2012-4821

vendor priority summary link
redhat high https://access.redhat.com/security/cve/CVE-2012-4821

Affected software / configurations for CVE-2012-4821

Vendor Product Version Raw CPE
ibm java >= 1.4.2, <= 1.4.2.13.13 cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*
ibm java >= 5.0.0.0, <= 5.0.14.0 cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*
ibm java >= 6.0.0.0, <= 6.0.11.0 cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*
ibm java >= 7.0.0.0, <= 7.0.2.0 cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*
ibm lotus_domino 8.0 cpe:2.3:a:ibm:lotus_domino:8.0:*:*:*:*:*:*:*
ibm lotus_domino 8.0.1 cpe:2.3:a:ibm:lotus_domino:8.0.1:*:*:*:*:*:*:*
ibm lotus_domino 8.0.2 cpe:2.3:a:ibm:lotus_domino:8.0.2:*:*:*:*:*:*:*
ibm lotus_domino 8.0.2.1 cpe:2.3:a:ibm:lotus_domino:8.0.2.1:*:*:*:*:*:*:*
ibm lotus_domino 8.0.2.2 cpe:2.3:a:ibm:lotus_domino:8.0.2.2:*:*:*:*:*:*:*
ibm lotus_domino 8.0.2.3 cpe:2.3:a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*
ibm lotus_domino 8.0.2.4 cpe:2.3:a:ibm:lotus_domino:8.0.2.4:*:*:*:*:*:*:*
ibm lotus_domino 8.5.0 cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*
ibm lotus_domino 8.5.0.1 cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*
ibm lotus_domino 8.5.1 cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*
ibm lotus_domino 8.5.1.1 cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*
ibm lotus_domino 8.5.1.2 cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*
ibm lotus_domino 8.5.1.3 cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*
ibm lotus_domino 8.5.1.4 cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*
ibm lotus_domino 8.5.1.5 cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*
ibm lotus_domino 8.5.2.0 cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*
ibm lotus_domino 8.5.2.1 cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*
ibm lotus_domino 8.5.2.2 cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*
ibm lotus_domino 8.5.2.3 cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*
ibm lotus_domino 8.5.2.4 cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*
ibm lotus_domino 8.5.3.0 cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*
ibm lotus_domino 8.5.3.1 cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*
ibm lotus_domino 8.5.3.2 cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*
ibm lotus_notes 8.0 cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*
ibm lotus_notes 8.0.0 cpe:2.3:a:ibm:lotus_notes:8.0.0:*:*:*:*:*:*:*
ibm lotus_notes 8.0.1 cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*
ibm lotus_notes 8.0.2 cpe:2.3:a:ibm:lotus_notes:8.0.2:*:*:*:*:*:*:*
ibm lotus_notes 8.0.2.0 cpe:2.3:a:ibm:lotus_notes:8.0.2.0:*:*:*:*:*:*:*
ibm lotus_notes 8.0.2.1 cpe:2.3:a:ibm:lotus_notes:8.0.2.1:*:*:*:*:*:*:*
ibm lotus_notes 8.0.2.2 cpe:2.3:a:ibm:lotus_notes:8.0.2.2:*:*:*:*:*:*:*
ibm lotus_notes 8.0.2.3 cpe:2.3:a:ibm:lotus_notes:8.0.2.3:*:*:*:*:*:*:*
ibm lotus_notes 8.0.2.4 cpe:2.3:a:ibm:lotus_notes:8.0.2.4:*:*:*:*:*:*:*
ibm lotus_notes 8.0.2.5 cpe:2.3:a:ibm:lotus_notes:8.0.2.5:*:*:*:*:*:*:*
ibm lotus_notes 8.0.2.6 cpe:2.3:a:ibm:lotus_notes:8.0.2.6:*:*:*:*:*:*:*
ibm lotus_notes 8.5 cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*
ibm lotus_notes 8.5.0.0 cpe:2.3:a:ibm:lotus_notes:8.5.0.0:*:*:*:*:*:*:*
ibm lotus_notes 8.5.0.1 cpe:2.3:a:ibm:lotus_notes:8.5.0.1:*:*:*:*:*:*:*
ibm lotus_notes 8.5.1 cpe:2.3:a:ibm:lotus_notes:8.5.1:*:*:*:*:*:*:*
ibm lotus_notes 8.5.1.0 cpe:2.3:a:ibm:lotus_notes:8.5.1.0:*:*:*:*:*:*:*
ibm lotus_notes 8.5.1.1 cpe:2.3:a:ibm:lotus_notes:8.5.1.1:*:*:*:*:*:*:*
ibm lotus_notes 8.5.1.2 cpe:2.3:a:ibm:lotus_notes:8.5.1.2:*:*:*:*:*:*:*
ibm lotus_notes 8.5.1.3 cpe:2.3:a:ibm:lotus_notes:8.5.1.3:*:*:*:*:*:*:*
ibm lotus_notes 8.5.1.4 cpe:2.3:a:ibm:lotus_notes:8.5.1.4:*:*:*:*:*:*:*
ibm lotus_notes 8.5.1.5 cpe:2.3:a:ibm:lotus_notes:8.5.1.5:*:*:*:*:*:*:*
ibm lotus_notes 8.5.2.0 cpe:2.3:a:ibm:lotus_notes:8.5.2.0:*:*:*:*:*:*:*
ibm lotus_notes 8.5.2.1 cpe:2.3:a:ibm:lotus_notes:8.5.2.1:*:*:*:*:*:*:*
ibm lotus_notes 8.5.2.2 cpe:2.3:a:ibm:lotus_notes:8.5.2.2:*:*:*:*:*:*:*
ibm lotus_notes 8.5.2.3 cpe:2.3:a:ibm:lotus_notes:8.5.2.3:*:*:*:*:*:*:*
ibm lotus_notes 8.5.3 cpe:2.3:a:ibm:lotus_notes:8.5.3:*:*:*:*:*:*:*
ibm lotus_notes 8.5.3.1 cpe:2.3:a:ibm:lotus_notes:8.5.3.1:*:*:*:*:*:*:*
ibm lotus_notes 8.5.3.2 cpe:2.3:a:ibm:lotus_notes:8.5.3.2:*:*:*:*:*:*:*
ibm lotus_notes 8.5.4 cpe:2.3:a:ibm:lotus_notes:8.5.4:*:*:*:*:*:*:*
ibm lotus_notes_sametime 8.0.80407 cpe:2.3:a:ibm:lotus_notes_sametime:8.0.80407:*:*:*:*:*:*:*
ibm lotus_notes_sametime 8.0.80822 cpe:2.3:a:ibm:lotus_notes_sametime:8.0.80822:*:*:*:*:*:*:*
ibm lotus_notes_sametime 8.5.1.20100709-1631 cpe:2.3:a:ibm:lotus_notes_sametime:8.5.1.20100709-1631:*:*:*:advanced_embedded:*:*:*
ibm lotus_notes_traveler 8.0 cpe:2.3:a:ibm:lotus_notes_traveler:8.0:*:*:*:*:*:*:*
ibm lotus_notes_traveler 8.0.1 cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1:*:*:*:*:*:*:*
ibm lotus_notes_traveler 8.0.1.2 cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.2:*:*:*:*:*:*:*
ibm lotus_notes_traveler 8.0.1.3 cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.3:*:*:*:*:*:*:*
ibm lotus_notes_traveler 8.5.0.0 cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.0:*:*:*:*:*:*:*
ibm lotus_notes_traveler 8.5.0.1 cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.1:*:*:*:*:*:*:*
ibm lotus_notes_traveler 8.5.0.2 cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.2:*:*:*:*:*:*:*
ibm lotus_notes_traveler 8.5.1.1 cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.1:*:*:*:*:*:*:*
ibm lotus_notes_traveler 8.5.1.2 cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.2:*:*:*:*:*:*:*
ibm lotus_notes_traveler 8.5.1.3 cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.3:*:*:*:*:*:*:*
ibm lotus_notes_traveler 8.5.2.1 cpe:2.3:a:ibm:lotus_notes_traveler:8.5.2.1:*:*:*:*:*:*:*
ibm lotus_notes_traveler 8.5.3 cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3:*:*:*:*:*:*:*
ibm lotus_notes_traveler 8.5.3.1 cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.1:*:*:*:*:*:*:*
ibm lotus_notes_traveler 8.5.3.2 cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.2:*:*:*:*:*:*:*
ibm lotus_notes_traveler 8.5.3.3 cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.3:*:*:*:*:*:*:*
ibm lotus_notes_traveler 8.5.3.3 cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.3:interim_fix_1:*:*:*:*:*:*
ibm rational_change 4.7 cpe:2.3:a:ibm:rational_change:4.7:*:*:*:*:*:*:*
ibm rational_change 5.1 cpe:2.3:a:ibm:rational_change:5.1:*:*:*:*:*:*:*
ibm rational_change 5.2 cpe:2.3:a:ibm:rational_change:5.2:*:*:*:*:*:*:*
ibm rational_change 5.3 cpe:2.3:a:ibm:rational_change:5.3:*:*:*:*:*:*:*
ibm rational_host_on-demand 1.6.0.12 cpe:2.3:a:ibm:rational_host_on-demand:1.6.0.12:*:*:*:*:*:*:*

References for CVE-2012-4821

URL Tags
http://rhn.redhat.com/errata/RHSA-2012-1467.html Third Party Advisory
http://seclists.org/bugtraq/2012/Sep/38 Mailing List Third Party Advisory
http://secunia.com/advisories/51326 Third Party Advisory
http://secunia.com/advisories/51634 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IV29659 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21615705 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21615800 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21616490 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21616594 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21616616 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21616617 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21616652 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21616708 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21621154 Vendor Advisory
http://www.securityfocus.com/bid/55495 Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/78765 Third Party Advisory VDB Entry
https://www-304.ibm.com/support/docview.wss?uid=swg21616546 Vendor Advisory
cvelogic Threat Intelligence