History: Jan 16, 2023 - 7:02 a.m.

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM Java - Eclipse OpenJ9 is vulnerable to CVE-2022-3676

Published: 2023-01-16 07:02:20
Source: www.ibm.com
Tags: ibm engineering lifecycle, eclipse openj9, cve-2022-3676, type confusion, ibm java, security vulnerability

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS: 0.001 Low (Percentile: 48.5%)

Summary

A flaw in Eclipse OpenJ9 leads to type confusion under certain circumstances, which can be exploited to access or modify memory. This may allow malicious untrusted code to elevate its privileges. The following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, which is addressed in this bulletin: Jazz Foundation, IBM Engineering Test Management, IBM Engineering Lifecycle Optimization - Engineering Insights, Global Configuration Management, IBM Engineering Workflow Management, IBM Jazz Reporting Service, IBM Engineering Lifecycle Optimization - Publishing, IBM Engineering Requirements Management DOORS Next.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

Version(s): Affected Product(s)

All: Global Configuration Management; IBM Jazz Reporting Service

6.0.6, 6.0.6.1: Collaborative Lifecycle Management; Rational Publishing Engine; Rational Team Concert; IBM Jazz Reporting Service; Rational Engineering Lifecycle Manager; Rational DOORS Next Generation; Rational Quality Manager

7, 7.0.1, 7.0.2: Engineering Lifecycle Management; IBM Engineering Lifecycle Optimization - Publishing; IBM Engineering Workflow Management; IBM Jazz Reporting Service; IBM Engineering Lifecycle Optimization - Engineering Insights; IBM Engineering Requirements Management DOORS Next; IBM Engineering Test Management

Remediation/Fixes

CVE-2022-3676 may affect the IBM® Engineering Lifecycle Engineering products mentioned above, which use IBM Java - Eclipse OpenJ9.

If the product is deployed on one of the above versions, please follow the instructions given in the following article.

Link - <https://www.ibm.com/support/pages/node/6839777>

Workarounds and Mitigations

None

Affected configurations

Vulners Node

ibm ibm_engineering_lifecycle_management_base Match 6.0.6
OR
ibm ibm_engineering_lifecycle_management_base Match 6.0.6.1
OR
ibm ibm_engineering_lifecycle_management_base Match 7.0
OR
ibm ibm_engineering_lifecycle_management_base Match 7.0.1
OR
ibm ibm_engineering_lifecycle_management_base Match 7.0.2
