Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability in Eclipse Openj9

2023-01-3006:23:48

www.ibm.com

eclipse openj9

vulnerability

ibm

esm 5.5.7.0.6

memory access

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

48.4%

JSON

Summary

There is a vulnerability in Eclipse Openj9 used by Enterprise Content Management System Monitor. Enterprise Content Management System Monitor has addressed the applicable CVE.

Vulnerability Details

CVEID:CVE-2022-3676
**DESCRIPTION:**Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. By sending a specially-crafted request using bytecode, an attacker could exploit this vulnerability to access or modify memory.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239608 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
Enterprise Content Management System Monitor	5.5

Remediation/Fixes

Please download and install ESM 5.5.7.0.6:

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/FileNet+System+Monitor&release=5.5.7.0&platform=All&function=all

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmenterprise_content_management_system_monitorMatch5.5

VendorProductVersionCPE
ibmenterprise_content_management_system_monitor5.5cpe:2.3:a:ibm:enterprise_content_management_system_monitor:5.5:*:*:*:*:*:*:*