Dec 06, 2022 - 4:12 p.m.

Security Bulletin: A security vulnerability has been identified in IBM® SDK, Java™ Technology Edition shipped with IBM Tivoli Business Service Manager (CVE-2022-3676)

2022-12-06 16:12:30
www.ibm.com
ibm tivoli business service manager
cve-2022-3676
java sdk
eclipse openj9
remote attacker
security restrictions
memory access
upgrade
service refresh 7 fp20

CVSS3: 6.5 Medium

| Metric | Value |
| --- | --- |
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | LOW |
| Integrity Impact | LOW |
| Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS: 0.001 Low (Percentile: 48.5%)

Summary

IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about a security vulnerability affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin.

Vulnerability Details

**CVEID:** CVE-2022-3676
**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. By sending a specially-crafted request using bytecode, an attacker could exploit this vulnerability to access or modify memory.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239608 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Tivoli Business Service Manager | 6.2.0 |

Remediation/Fixes

Principal Product and Version(s) Affected Supporting Product and Version
IBM Tivoli Business Service Manager 6.2.0 IBM strongly recommends addressing the vulnerability now by upgrading the Java SDK.

Security Bulletin: CVE-2022-3676 may affect IBM® SDK, Java™ Technology Edition

Workarounds and Mitigations

None

Affected configurations

Vulners
Node: ibm / tivoli_business_service_manager, Match 6.2.0

| CPE Name | Operator | Version |
| --- | --- | --- |
| tivoli business service manager | eq | 6.2.0 |
