Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM91D15DF34BCF8E80C9F9410DE2361E5510559F17B988C7628D92765173604CCA
HistorySep 05, 2023 - 1:27 p.m.

Security Bulletin: A Vulnerability found in IBM Java which is shipped with IBM® Intelligent Operations Center(CVE-2022-3676)

2023-09-0513:27:17
www.ibm.com
27
ibm java
intelligent operations center
cve-2022-3676
vulnerability
bypass security
remote attacker
bytecode
memory access

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

48.4%

JSON

Summary

A vulnerability have been identified in IBM Java which is shipped with IBM® Intelligent Operations Center. Information about this vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2022-3676
**DESCRIPTION:**Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. By sending a specially-crafted request using bytecode, an attacker could exploit this vulnerability to access or modify memory.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239608 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
Intelligent Operations Center (IOC) 5.1.0, 5.1.0.2, 5.1.0.3, 5.1.0.4, 5.1.0.6, 5.2, 5.2.1, 5.2.2, 5.2.3

Remediation/Fixes

The recommended solution is to apply an interim fix that contains the fix for this issue as soon as practical.

Download the IBM Intelligent Operations Center Version 5.2.4 is an upgrade to IBM Intelligent Operations Center Version 5.2.3 through IBM Intelligent Operations Center Version 5.2 from the following link:

IBM Intelligent Operations Center Version 5.2.4

Installation instructions for the fix are included in the readme document that is in the fix package.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmintelligent_operations_centerMatch5.1.0
OR
ibmintelligent_operations_centerMatch5.1.0.2
OR
ibmintelligent_operations_centerMatch5.1.0.3
OR
ibmintelligent_operations_centerMatch5.1.0.4
OR
ibmintelligent_operations_centerMatch5.1.0.6
OR
ibmintelligent_operations_centerMatch5.2
OR
ibmintelligent_operations_centerMatch5.2.1
OR
ibmintelligent_operations_centerMatch5.2.2
OR
ibmintelligent_operations_centerMatch5.2.3
VendorProductVersionCPE
ibmintelligent_operations_center5.1.0cpe:2.3:a:ibm:intelligent_operations_center:5.1.0:*:*:*:*:*:*:*
ibmintelligent_operations_center5.1.0.2cpe:2.3:a:ibm:intelligent_operations_center:5.1.0.2:*:*:*:*:*:*:*
ibmintelligent_operations_center5.1.0.3cpe:2.3:a:ibm:intelligent_operations_center:5.1.0.3:*:*:*:*:*:*:*
ibmintelligent_operations_center5.1.0.4cpe:2.3:a:ibm:intelligent_operations_center:5.1.0.4:*:*:*:*:*:*:*
ibmintelligent_operations_center5.1.0.6cpe:2.3:a:ibm:intelligent_operations_center:5.1.0.6:*:*:*:*:*:*:*
ibmintelligent_operations_center5.2cpe:2.3:a:ibm:intelligent_operations_center:5.2:*:*:*:*:*:*:*
ibmintelligent_operations_center5.2.1cpe:2.3:a:ibm:intelligent_operations_center:5.2.1:*:*:*:*:*:*:*
ibmintelligent_operations_center5.2.2cpe:2.3:a:ibm:intelligent_operations_center:5.2.2:*:*:*:*:*:*:*
ibmintelligent_operations_center5.2.3cpe:2.3:a:ibm:intelligent_operations_center:5.2.3:*:*:*:*:*:*:*

Related

prion 1
ibm 67
nessus 5
openvas 4
cvelist 1
nvd 1
osv 4
cve 1
aix 1
prion
prion
Design/Logic Flaw
2022-10-24 14:15:00
ibm
ibm
Security Bulletin: IBM Content Manager Enterprise Edition is affected by a vulnerability in Eclipse Openj9
2023-04-28 09:40:03
Security Bulletin: A security vulnerability has been identified in IBM® SDK, Java™ Technology Edition shipped with IBM Tivoli Business Service Manager (CVE-2022-3676)
2022-12-06 16:12:30
Security Bulletin: Vulnerability in Eclipse OpenJ9 affects Rational Performance Tester (CVE-2022-3676)
2023-06-16 19:07:26
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-ibm (SUSE-SU-2023:0375-1)
2023-02-14 00:00:00
SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2022:4591-1)
2022-12-21 00:00:00
SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2022:4602-1)
2022-12-23 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:0375-1)
2023-02-13 00:00:00
openSUSE: Security Advisory for java (SUSE-SU-2023:0375-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4591-1)
2022-12-21 00:00:00
cvelist
cvelist
CVE-2022-3676
2022-10-24 00:00:00
nvd
nvd
CVE-2022-3676
2022-10-24 14:15:51
osv
osv
CVE-2022-3676
2022-10-24 14:15:51
java-1_8_0-openj9-1.8.0.352-1.1 on GA media
2024-06-15 00:00:00
java-11-openj9-11.0.17.0-1.1 on GA media
2024-06-15 00:00:00
cve
cve
CVE-2022-3676
2022-10-24 14:15:51
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2022-12-22 10:09:37

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

48.4%

JSON
Related for 91D15DF34BCF8E80C9F9410DE2361E5510559F17B988C7628D92765173604CCA
prion1ibm67nessus5openvas4cvelist1nvd1osv4cve1aix1