Vulnerability Name: CVE-2022-3676 (CCN-239608) Assigned: 2022-10-19 Published: 2022-10-19 Updated: 2022-10-25 Summary: In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type. CVSS v3 Severity: 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): None
6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): None
CVSS v2 Severity: 6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): None
Vulnerability Type: CWE-843 Vulnerability Consequences: Bypass Security References: Source: MITRECVE-2022-3676 eclipse-cve20223676-sec-bypass(239608) Disallow nop guards for interface call sites #16122 Multiple vulnerabilities may affect IBM Semeru Runtime CVE-2022-3676 may affect IBM SDK, Java Technology Edition A vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio (CVE-2022-3676) Vulnerabilities in the Java JDK affect IBM Event Streams (CVE-2022-3676, CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619) IBM SDK, Java Technology Edition Quarterly CPU - Jan 2022 - Includes Oracle January 2022 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time A security vulnerability has been identified in IBM SDK, Java Technology Edition shipped with IBM Tivoli Business Service Manager (CVE-2022-3676) IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Commons Text 1.9 Multiple vulnerabilities in IBM Java Runtime affect z/Transaction Processing Facility Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact (CVE-2021-41041, CVE-2022-3676) Vulnerability (CVE-2022-3676) in Eclipse Openj9 affects CICS Transaction Gateway Desktop Edition Multiple vulnerabilities in IBM Java SDK affect AIX IBM Security SOAR is using a component with a known vulnerability - IBM JDK 8.0.7.16 and earlier Multiple Vulnerabilities in IBM Java SDK affects Liberty for Java for IBM Cloud due to the October 2022 CPU plus CVE-2022-3676 Vulnerabilities in IBM Java included with IBM Tivoli Monitoring. Multiple Vulnerabilities in Java and Node.js packages affect IBM Voice Gateway IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Java A vulnerability in Open JDK affecting Rational Functional Tester IBM SDK Java Technology Edition, is used by IBM Tivoli Application Dependency Discovery Manager (TADDM) and is vulnerable to a denial of service (CVE-2022-21541, CVE-2022-21540, CVE-2021-2163) IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities Multiple security vulnerabilities in Java may affect IBM Robotic Process Automation (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619, CVE-2022-3676) Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2023 Enterprise Content Management System Monitor is affected by a vulnerability in Eclipse Openj9 IBM Sterling Connect:Direct File Agent is vulnerable to a memory exploit due to Eclipse Openj9 (CVE-2022-3676) Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Application Server October 2022 CPU that is bundled with IBM WebSphere Application Server Patterns IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to bypassing security restrictions, denial of service attacks, and data integrity impacts due to multiple vulnerabilities. IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Eclipse Openj9 security bypass (CVE-2022-3676) Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer Vulnerability (CVE-2022-3676) in Eclipse Openj9 affects CICS Transaction Gateway Desktop Edition Vulnerabilities in IBM Semeru Runtime affect SPSS Collaboration and Deployment Services (CVE-2022-21628, CVE-2022-21626, CVE-2022-21618, CVE-2022-39399, CVE-2022-21624, CVE-2022-21619, CVE-2022-3676) Vulnerability in IBM Java Runtime affect SPSS Collaboration and Deployment Services (CVE-2022-3676) Vulnerability in IBM Java (CVE-2022-3676) affects Power HMC CVE-2022-3676 may affect IBM TXSeries for Multiplatforms IBM Sterling Control Center is vulnerable to security bypass due to Eclipse Openj9 (CVE-2022-3676) CVE-2022-3676 may affect Eclipse Openj9 used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility CVE-2022-3676 may affect IBM CICS TX Standard CVE-2022-3676 may affect IBM CICS TX Advanced IBM SDK, Java Technology Edition Quarterly CPU - Oct 2022 - Includes Oracle October 2022 CPU and IBM Java - OpenJ9 CVE-2022-3676 IBM SDK, Java Technology Edition, Security Update February 2023 IBM Security Guardium is affected by multiple vulnerabilities IBM QRadar SIEM includes components with known vulnerabilities IBM Security Verify Governance is vulnerable to remote security bypass (CVE-2022-3676) IBM Content Manager Enterprise Edition is affected by a vulnerability in Eclipse Openj9 IBM Sterling Secure Proxy is vulnerable to multiple vulnerabilities due to IBM Java Runtime IBM Sterling External Authentication Server is vulnerable to multiple vulnerabilities due to IBM Java Runtime Multiple vulnerabilities in IBM Java SDK affect WebSphere Service Registry and Repository due to October 2022 CPU and January 2023 CPU plus deferred CVE-2022-21426 and CVE-2022-3676 A vulnerability exists in the IBM? SDK, Java? Technology Edition affect IBM Tivoli Network Configuration Manager (CVE-2022-3676). Vulnerability in Eclipse OpenJ9 affects Rational Performance Tester (CVE-2022-3676) Vulnerability in Eclipse OpenJ9 affects Rational Service Tester (CVE-2022-3676) Vulnerabilities in Eclipse OpenJ9 may affect IBM Storage Protect Server (CVE-2022-3676) Multiple Vunerabilities in IBM Java SDK affect IBM Cloud Pak System A security vulnerability has been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component (CVE-2022-3676) Multiple vulnerabilities in IBM SDK Java affect IBM App Connect Enterprise and IBM Integration Bus Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects APM Agents for Monitoring Multiple Vulnerabilities in Rational Synergy 7.2.2.5 CVE-2022-3676 Vulnerable Configuration: Configuration CCN 1 :cpe:/o:ibm:aix:7.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cics_transaction_gateway:9.0:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:* OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:* OR cpe:/a:ibm:cics_transaction_gateway:9.1:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_service_registry_and_repository:8.5:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_netcool_configuration_manager:6.4.1:*:*:*:*:*:*:* OR cpe:/a:ibm:spss_collaboration_and_deployment_services:7.0:*:*:*:*:*:*:* OR cpe:/a:ibm:content_collector:4.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:txseries:8.1:*:*:*:*:*:*:* OR cpe:/a:ibm:txseries:8.2:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_business_developer:9.5:*:*:*:*:*:*:* OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server_patterns:1.0.0.0:*:*:*:*:*:*:* OR cpe:/o:ibm:aix:7.2:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_netcool_configuration_manager:6.4.2:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect:8.1:*:*:*:*:*:*:* OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.0:*:*:*:*:*:*:* OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.1:*:*:*:*:*:*:* OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server_patterns:1.0.0.7:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server_patterns:2.2.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_performance_tester:9.2:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_software_architect_designer:9.6:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:ilog_cplex_optimization_studio:12.8:*:*:*:*:*:*:* OR cpe:/a:ibm:app_connect:11.0.0.1:*:*:*:enterprise:*:*:* OR cpe:/a:ibm:security_guardium:10.6:*:*:*:*:*:*:* OR cpe:/a:ibm:ilog_cplex_optimization_studio:12.9:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_application_performance_management:8.1.4:*:*:*:*:advanced_private:*:* OR cpe:/a:ibm:tivoli_business_service_manager:6.2.0:*:*:*:*:*:*:* OR cpe:/o:ibm:i:7.4:*:*:*:*:*:*:* OR cpe:/a:ibm:java:7.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:java:7.1.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:java:8.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:vios:3.1:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_transformation_advisor:2.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:ilog_cplex_optimization_studio:12.10:*:*:*:*:*:*:* OR cpe:/a:ibm:txseries:9.1:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_business_developer:9.6:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.2:*:*:*:*:*:*:* OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:* OR cpe:/a:ibm:event_streams:10.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_system:2.3.2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_service_tester:9.5:*:*:*:soa_quality:*:*:* OR cpe:/a:ibm:event_streams:10.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_application_developer:9.6:*:*:*:websphere:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.7:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_service_tester:9.2:*:*:*:soa_quality:*:*:* OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:* OR cpe:/a:ibm:event_streams:10.2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:event_streams:10.3.0:*:*:*:*:*:*:* OR cpe:/a:ibm:event_streams:10.3.1:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:11.4:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_secure_proxy:6.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:secure_external_authentication_server:6.0.3:*:*:*:*:*:*:* OR cpe:/o:ibm:aix:7.3:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:* OR cpe:/o:ibm:i:7.5:*:*:*:*:*:*:* OR cpe:/a:ibm:cics_tx:11.1:*:*:*:standard:*:*:* OR cpe:/a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:* OR cpe:/a:ibm:security_verify_governance:10.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:* OR cpe:/a:ibm:cics_transaction_gateway:9.2:*:*:*:*:*:*:* OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.7:*:*:*:*:*:*:* OR cpe:/a:ibm:robotic_process_automation:21.0.7:*:*:*:*:*:*:* OR cpe:/a:ibm:robotic_process_automation:23.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:* OR cpe:/a:ibm:sterling_external_authentication_server:6.1.0:*:*:*:*:*:*:* Oval Definitions BACK
ibm aix 7.1
ibm cics transaction gateway 9.0
ibm tivoli monitoring 6.3.0
ibm i 7.2
ibm cics transaction gateway 9.1
ibm websphere service registry and repository 8.5
ibm tivoli netcool configuration manager 6.4.1
ibm spss collaboration and deployment services 7.0
ibm content collector 4.0.1
ibm txseries 8.1
ibm txseries 8.2
ibm rational business developer 9.5
ibm i 7.3
ibm websphere application server patterns 1.0.0.0
ibm aix 7.2
ibm tivoli netcool configuration manager 6.4.2
ibm spectrum protect 8.1
ibm spss collaboration and deployment services 8.0
ibm spss collaboration and deployment services 8.1
ibm spss collaboration and deployment services 8.1.1
ibm security guardium 10.5
ibm websphere application server patterns 1.0.0.7
ibm websphere application server patterns 2.2.0.0
ibm tivoli monitoring 6.3.0.7
ibm rational performance tester 9.2
ibm rational software architect designer 9.6
ibm tivoli netcool/impact 7.1.0
ibm ilog cplex optimization studio 12.8
ibm app connect 11.0.0.1
ibm security guardium 10.6
ibm ilog cplex optimization studio 12.9
ibm cloud application performance management 8.1.4
ibm tivoli business service manager 6.2.0
ibm i 7.4
ibm java 7.0.0.0
ibm java 7.1.0.0
ibm java 8.0.0.0
ibm vios 3.1
ibm voice gateway 1.0.2
ibm voice gateway 1.0.3
ibm cloud transformation advisor 2.0.1
ibm ilog cplex optimization studio 12.10
ibm txseries 9.1
ibm tivoli application dependency discovery manager 7.3.0.0
ibm voice gateway 1.0.2.4
ibm voice gateway 1.0.4
ibm rational business developer 9.6
ibm cloud pak system 2.3.1.1
ibm spss collaboration and deployment services 8.2
ibm spss collaboration and deployment services 8.2.1
ibm qradar security information and event manager 7.4 -
ibm voice gateway 1.0.5
ibm event streams 10.0.0
ibm cloud pak system 2.3.2.0
ibm rational service tester 9.5
ibm event streams 10.1.0
ibm rational application developer 9.6
ibm voice gateway 1.0.7
ibm rational service tester 9.2
ibm security guardium 11.3
ibm event streams 10.2.0
ibm app connect enterprise 12.0.1.0
ibm event streams 10.3.0
ibm event streams 10.3.1
ibm security guardium 11.4
ibm sterling secure proxy 6.0.3
ibm secure external authentication server 6.0.3
ibm aix 7.3
ibm cloud pak for business automation 18.0.0
ibm cloud pak for business automation 18.0.2
ibm cloud pak for business automation 19.0.1
ibm cloud pak for business automation 19.0.3
ibm cloud pak for business automation 20.0.1
ibm cloud pak for business automation 20.0.3
ibm cloud pak for business automation 21.0.1 -
ibm cloud pak for business automation 21.0.2 -
ibm cloud pak for business automation 21.0.3 -
ibm i 7.5
ibm cics tx 11.1
ibm cics tx 11.1
ibm security verify governance 10.0
ibm cloud pak for business automation 22.0.1 -
ibm cics transaction gateway 9.2
ibm robotic process automation for cloud pak 21.0.7
ibm robotic process automation 21.0.7
ibm robotic process automation 23.0.0
ibm cloud pak for business automation 22.0.2 -
ibm sterling external authentication server 6.1.0
Denotes that component is vulnerable