Oracle Java Runtime Environment Deployment unspecified

javaruntimeenvironment-deploy-cve20121533 (79416) The risk level is classified as High Risk


An unspecified vulnerability in Oracle Java Runtime Environment related to Deployment has complete confidentiality impact, complete integrity impact, and complete availability impact.


Base Score: 10
  Access Vector: Network
  Access Complexity: Low
  Authentication: None
  Confidentiality Impact: Complete
  Integrity Impact: Complete
  Availability Impact: Complete
Temporal Score: 8.3
  Exploitability: Functional
  Remediation Level: Official-Fix
  Report Confidence: Confirmed


Gain Access


Refer to Oracle Web site for patch, upgrade or suggested workaround information. See References.

For other distributions:
Apply the appropriate update for your system. See References.


  • IBM Security Bulletin 1616490: IBM Tivoli Monitoring clients affected by vulnerabilities in IBM JRE executed under a security manager.
  • IBM Security Bulletin 1619418: Vulnerabilities in Rational Functional Tester versions 8.x due to security vulnerabilities in IBM JRE 7.0 Service Release 2 or earlier, and non-IBM Java 7.0.
  • IBM Security Bulletin 1620037: IBM Rational System Architect Security Vulnerability: Multiple security vulnerabilities in IBM JRE 6.
  • IBM Security Bulletin 1621154: IBM Service Delivery Manager clients affected by vulnerabilities in IBM JRE (CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823).
  • IBM Security Bulletin 1635864: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE 6.0.
  • IBM Security Bulletin 1636462: The Java version bundled with IBM OpenPages GRC Platform version 6.2 is susceptible to multiple vulnerabilities in the Java Runtime Environment (JRE).
  • Offensive Security Exploit Database [06-11-2013]: Java Web Start Double Quote Injection Remote Code Execution.
  • Oracle Web site: Oracle Java SE Critical Patch Update Advisory - October 2012.
  • Packet Storm Security [06-10-2013]: Sun Java Web Start Double Quote Injection.
  • Packet Storm Security [06-13-2013]: Sun Java Web Start Double Quote Injection.
  • BID-56046: Oracle Java SE CVE-2012-1533 Remote Code Execution Vulnerability
  • CVE-2012-1533: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
  • RHSA-2012-1391: Critical: java-1.7.0-oracle security update
  • RHSA-2012-1392: Critical: java-1.6.0-sun security update
  • RHSA-2012-1466: Critical: java-1.6.0-ibm security update
  • RHSA-2012-1467: Critical: java-1.7.0-ibm security update
  • RHSA-2013-1455: Low: Red Hat Network Satellite server IBM Java Runtime security update
  • RHSA-2013-1456: Low: Red Hat Network Satellite server IBM Java Runtime security update
  • SA50949: Oracle Java Multiple Vulnerabilities

Platforms Affected:

  • IBM Java SDK 6.0
  • IBM Java SDK 7.0
  • IBM OpenPages GRC Platform 6.2.1
  • IBM Rational Functional Tester 8.0
  • IBM Rational Functional Tester 8.1
  • IBM Rational Functional Tester 8.2
  • IBM Rational Functional Tester 8.3
  • IBM Rational System Architect 11.0
  • IBM Rational System Architect 11.1
  • IBM Rational System Architect 11.2
  • IBM Rational System Architect 11.3
  • IBM Rational System Architect 11.4
  • IBM Service Delivery Manager 7.2.1
  • IBM Service Delivery Manager 7.2.2
  • IBM Service Delivery Manager 7.2.4
  • IBM Tivoli Monitoring 6.2
  • IBM Tivoli Monitoring 6.2.1
  • IBM Tivoli Monitoring 6.2.2
  • IBM Tivoli Monitoring 6.2.3
  • IBM WebSphere ILOG JRules 7.1.1
  • IBM WebSphere Operational Decision Manager 7.5
  • IBM WebSphere Operational Decision Manager 8.0.1
  • Oracle JDK Update30
  • Oracle JDK Update32
  • Oracle JDK Update31
  • Oracle JDK Update35
  • Oracle JDK Update34
  • Oracle JDK Update33
  • Oracle JDK Update23
  • Oracle JDK Update29
  • Oracle JDK Update27
  • Oracle JDK Update26
  • Oracle JDK Update25
  • Oracle JDK Update24
  • Oracle JDK Update22
  • Oracle JDK 1.7.0 Update4
  • Oracle JDK 1.7.0
  • Oracle JDK 1.7.0 Update1
  • Oracle JDK 1.7.0 Update2
  • Oracle JDK 1.7.0 Update3
  • Oracle JDK 1.7.0 Update7
  • Oracle JDK 1.7.0 Update5
  • Oracle JDK 1.7.0 Update6
  • Oracle JRE Update22
  • Oracle JRE Update23
  • Oracle JRE Update24
  • Oracle JRE Update25
  • Oracle JRE Update26
  • Oracle JRE Update27
  • Oracle JRE Update29
  • Oracle JRE Update30
  • Oracle JRE Update32
  • Oracle JRE Update31
  • Oracle JRE Update33
  • Oracle JRE Update34
  • Oracle JRE Update35
  • Oracle JRE 1.7.0 Update1
  • Oracle JRE 1.7.0 Update5
  • Oracle JRE 1.7.0 Update6
  • Oracle JRE 1.7.0 Update3
  • Oracle JRE 1.7.0 Update4
  • Oracle JRE 1.7.0
  • Oracle JRE 1.7.0 Update7
  • Oracle JRE 1.7.0 Update2
  • RedHat Enterprise Linux Desktop Supplementary 6
  • RedHat Enterprise Linux HPC Node Supplementary 6
  • RedHat Enterprise Linux Server Supplementary 6
  • RedHat Enterprise Linux Workstation Supplementary 6
  • RedHat RHEL Desktop Supplementary 5 Client
  • RedHat RHEL Supplementary 5 Server
  • Sun JDK Update16
  • Sun JDK Update5
  • Sun JDK Update14
  • Sun JDK Update13
  • Sun JDK Update12
  • Sun JDK Update11
  • Sun JDK Update10
  • Sun JDK Update7
  • Sun JDK Update6
  • Sun JDK Update15
  • Sun JDK Update4
  • Sun JDK Update3
  • Sun JDK Update2
  • Sun JDK Update17
  • Sun JDK Update19
  • Sun JDK Update1
  • Sun JDK Update18
  • Sun JDK Update1b06
  • Sun JDK Update20
  • Sun JDK Update21
  • Sun JRE Update20
  • Sun JRE Update19
  • Sun JRE Update18
  • Sun JRE
  • Sun JRE Update17
  • Sun JRE Update16
  • Sun JRE Update15
  • Sun JRE Update14
  • Sun JRE Update13
  • Sun JRE Update12
  • Sun JRE Update11
  • Sun JRE Update10
  • Sun JRE Update7
  • Sun JRE Update6
  • Sun JRE Update5
  • Sun JRE Update4
  • Sun JRE Update3
  • Sun JRE Update1
  • Sun JRE Update2
  • Sun JRE Update21


Oct 17, 2012

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@us.ibm.com
