Feb 08, 2023 - 8:47 p.m.

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer

2023-02-08 20:47:27
www.ibm.com

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS: 0.001 Low
Percentile: 48.5%

Summary

There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has provided a fix for the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtime Environment update deferred from IBM Java - OpenJ9 CVE-2022-3676.

Vulnerability Details

**CVEID:** CVE-2022-3676
**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to bypass security restrictions, caused by an improper runtime type check by the interface calls. By sending a specially-crafted request using bytecode, an attacker could exploit this vulnerability to access or modify memory.
CVSS Base score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/239608 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| RBD | 9.5 - 9.5.1.2 |
| RBD | 9.6 - 9.6.0.1 |
| RBD | 9.7 |

Remediation/Fixes

| Product | VRMF | APAR | Remediation / First Fix | File Name |
| --- | --- | --- | --- | --- |
| Rational Business Developer | 9.5 - 9.5.1.2 | None | https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Business+Developer&release=9.5.0&platform=All&function=all | RBD_9.5_IBM_JDK8_SR7_FP20 |
| Rational Business Developer | 9.6 - 9.6.0.1 | None | https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Business+Developer&release=9.6&platform=All&function=all | RBD_9.6_IBM_JDK8_SR7_FP20 |
| Rational Business Developer | 9.7 | None | https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Business+Developer&release=9.7.0&platform=All&function=all | RBD_9.7_IBM_JDK8_SR7_FP20 |

Workarounds and Mitigations

None

Affected configurations

Vulners node:
ibm rational_business_developer, match 9.5
OR
ibm rational_business_developer, match 9.6
OR
ibm rational_business_developer, match 9.7
