6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
48.5%
A flaw in Eclipse OpenJ9 leads to type confusion under certain circumstances, which can be exploited to access or modify memory. This may allow malicious untrusted code to elevate its privileges. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Test Management, IBM Engineering Lifecycle Optimization - Engineering Insights, Global Configuration Management, IBM Engineering Workflow Management, IBM Jazz Reporting Service, IBM Engineering Lifecycle Optimization - Publishing, IBM Engineering Requirements Management DOORS Next
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Version(s) | Affected Product(s) |
---|---|
All | Global Configuration Management |
IBM Jazz Reporting Service | |
6.0.6, 6.0.6.1 | Collaborative Lifecycle Management |
Rational Publishing Engine | |
Rational Team Concert | |
IBM Jazz Reporting Service | |
Rational Engineering Lifecycle Manager | |
Rational DOORS Next Generation | |
Rational Quality Manager | |
7, 7.0.1, 7.0.2 | Engineering Lifecycle Management |
IBM Engineering Lifecycle Optimization - Publishing | |
IBM Engineering Workflow Management | |
IBM Jazz Reporting Service | |
IBM Engineering Lifecycle Optimization - Engineering Insights | |
IBM Engineering Requirements Management DOORS Next | |
IBM Engineering Test Management |
CVE-2022-3676 may affect IBM® Engineering Lifecycle Engineering products mentioned above, which uses IBM Java - Eclipse OpenJ9.
If the Product is deployed on one of the above versions, Please follow the instruction given in the following article.
Link - <https://www.ibm.com/support/pages/node/6839777>
None
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
48.5%