Security Bulletin: A vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio (CVE-2022-3676)

Summary

There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM CPLEX Optimization Studio. IBM CPLEX Optimization Studio has addressed the applicable CVE.

Vulnerability Details

CVEID:CVE-2022-3676
**DESCRIPTION:**Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. By sending a specially-crafted request using bytecode, an attacker could exploit this vulnerability to access or modify memory.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239608 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

Remediation/Fixes

The recommended solution is to download and install the appropriate version of IBM JRE as soon as practicable.

Before installing a newer version of IBM JRE, please ensure that you:

• Close any open programs that you may have running;
• Rename the initial directory of the IBM JRE (for example: with a .old at the end),
• Download and install the appropriate IBM JRE version.

IBM ILOG CPLEX Optimization Studio :

IBM JRE Version 8 Service Refresh 7 Fix Pack 20 and subsequent releases

IBM JRE Version 7 Service Refresh 11 Fix Pack 15 and subsequent releases

You must verify that applying this fix does not cause any compatibility issues.
Here are the detailed instructions for updating IBM JRE.

For macOS, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Workarounds and Mitigations

None