First published: Mon Oct 24 2022(Updated: )
Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. By sending a specially-crafted request using bytecode, an attacker could exploit this vulnerability to access or modify memory.
Credit: emo@eclipse.org
Affected Software | Affected Version | How to fix |
---|---|---|
Eclipse Openj9 | <0.35.0 | |
IBM Cloud Pak for Business Automation | <=V22.0.2 | |
IBM Cloud Pak for Business Automation | <=V21.0.3 - V21.0.3-IF016 | |
IBM Cloud Pak for Business Automation | <=V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixesV21.0.1 - V21.0.1-IF007 and later fixesV20.0.1 - V20.0.3 and later fixesV19.0.1 - V19.0.3 and later fixesV18.0.0 - V18.0.2 and later fixes |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-3676 is a vulnerability in Eclipse Openj9 before version 0.35.0 that allows for inlining interface calls without a runtime type check.
CVE-2022-3676 allows a remote attacker to bypass security restrictions in Eclipse Openj9 by exploiting improper runtime type checks in interface calls.
The severity of CVE-2022-3676 is medium, with a severity value of 6.5.
The affected software versions include Eclipse Openj9 before version 0.35.0 and IBM Cloud Pak for Business Automation versions V22.0.2, V21.0.3 - V21.0.3-IF016, V22.0.1 - V22.0.1-IF006 and later fixes, V21.0.2 - V21.0.2-IF012 and later fixes, V21.0.1 - V21.0.1-IF007 and later fixes, V20.0.1 - V20.0.3 and later fixes, V19.0.1 - V19.0.3 and later fixes, and V18.0.0 - V18.0.2 and later fixes.
To fix CVE-2022-3676, it is recommended to update to version 0.35.0 or later of Eclipse Openj9, and apply the necessary fixes for the impacted IBM Cloud Pak for Business Automation versions.