Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.IBM_JAVA_2022_11_01.NASL
HistoryNov 16, 2022 - 12:00 a.m.

IBM Java 7.0 < 7.0.11.15 / 7.1 < 7.1.5.15 / 8.0 < 8.0.7.20

2022-11-1600:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
JSON

The version of IBM Java installed on the remote host is prior to 7.0 < 7.0.11.15 / 7.1 < 7.1.5.15 / 8.0 < 8.0.7.20. It is, therefore, affected by a vulnerability as referenced in the IBM Security Update November 2022 advisory.

  • In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check.
    Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type.
    (CVE-2022-3676)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(167737);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/11/24");

  script_cve_id("CVE-2022-3676");

  script_name(english:"IBM Java 7.0 < 7.0.11.15 / 7.1 < 7.1.5.15 / 8.0 < 8.0.7.20");

  script_set_attribute(attribute:"synopsis", value:
"IBM Java is affected a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of IBM Java installed on the remote host is prior to 7.0 < 7.0.11.15 / 7.1 < 7.1.5.15 / 8.0 < 8.0.7.20. It
is, therefore, affected by a vulnerability as referenced in the IBM Security Update November 2022 advisory.

  - In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check.
    Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type.
    (CVE-2022-3676)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ44233");
  # https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities#IBM_Security_Update_November_2022
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fa378344");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the IBM Security Update November 2022 advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-3676");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/11/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:java");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ibm_java_nix_installed.nbin", "ibm_java_win_installed.nbin");
  script_require_keys("installed_sw/Java");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

var app_list = ['IBM Java'];
var app_info = vcf::java::get_app_info(app:app_list);

var constraints = [
  { 'min_version' : '7.0.0', 'fixed_version' : '7.0.11.15' },
  { 'min_version' : '7.1.0', 'fixed_version' : '7.1.5.15' },
  { 'min_version' : '8.0.0', 'fixed_version' : '8.0.7.20' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
ibmjavacpe:/a:ibm:java

Related

prion 1
ibm 67
osv 1
cve 1
nessus 4
openvas 4
aix 1
prion
prion
Design/Logic Flaw
2022-10-24 14:15:00
ibm
ibm
Security Bulletin: A security vulnerability has been identified in IBM® SDK, Java™ Technology Edition shipped with IBM Tivoli Business Service Manager (CVE-2022-3676)
2022-12-06 16:12:30
Security Bulletin: Vulnerability in Eclipse OpenJ9 affects Rational Performance Tester (CVE-2022-3676)
2023-06-16 19:07:26
Security Bulletin: IBM Content Manager Enterprise Edition is affected by a vulnerability in Eclipse Openj9
2023-04-28 09:40:03
osv
osv
CVE-2022-3676
2022-10-24 14:15:51
cve
cve
CVE-2022-3676
2022-10-24 14:15:00
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-ibm (SUSE-SU-2023:0375-1)
2023-02-14 00:00:00
SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2022:4602-1)
2022-12-23 00:00:00
SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2022:4591-1)
2022-12-21 00:00:00
openvas
openvas
openSUSE: Security Advisory for java (SUSE-SU-2023:0375-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4591-1)
2022-12-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0375-1)
2023-02-13 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2022-12-22 10:09:37
JSON
Related for IBM_JAVA_2022_11_01.NASL
prion1ibm67osv1cve1nessus4openvas4aix1