CVE-2022-3676: Input Validation
First published: Mon Oct 24 2022(Updated: )
Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. By sending a specially-crafted request using bytecode, an attacker could exploit this vulnerability to access or modify memory.
Credit: emo@eclipse.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eclipse Openj9 | <0.35.0 | |
| IBM Cloud Pak for Business Automation | <=V22.0.2 | |
| IBM Cloud Pak for Business Automation | <=V21.0.3 - V21.0.3-IF016 | |
| IBM Cloud Pak for Business Automation | <=V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixesV21.0.1 - V21.0.1-IF007 and later fixesV20.0.1 - V20.0.3 and later fixesV19.0.1 - V19.0.3 and later fixesV18.0.0 - V18.0.2 and later fixes |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-3676?
CVE-2022-3676 is a vulnerability in Eclipse Openj9 before version 0.35.0 that allows for inlining interface calls without a runtime type check.
How does CVE-2022-3676 affect Eclipse Openj9?
CVE-2022-3676 allows a remote attacker to bypass security restrictions in Eclipse Openj9 by exploiting improper runtime type checks in interface calls.
What is the severity of CVE-2022-3676?
The severity of CVE-2022-3676 is medium, with a severity value of 6.5.
Which software versions are affected by CVE-2022-3676?
The affected software versions include Eclipse Openj9 before version 0.35.0 and IBM Cloud Pak for Business Automation versions V22.0.2, V21.0.3 - V21.0.3-IF016, V22.0.1 - V22.0.1-IF006 and later fixes, V21.0.2 - V21.0.2-IF012 and later fixes, V21.0.1 - V21.0.1-IF007 and later fixes, V20.0.1 - V20.0.3 and later fixes, V19.0.1 - V19.0.3 and later fixes, and V18.0.0 - V18.0.2 and later fixes.
How can I fix CVE-2022-3676?
To fix CVE-2022-3676, it is recommended to update to version 0.35.0 or later of Eclipse Openj9, and apply the necessary fixes for the impacted IBM Cloud Pak for Business Automation versions.
- collector/nvd-index
- agent/type
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/event
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/eclipse
- canonical/eclipse openj9
- vendor/ibm
- canonical/ibm cloud pak for business automation
- version/ibm cloud pak for business automation/v22.0.2
- version/ibm cloud pak for business automation/v21.0.3 - v21.0.3-if016
- version/ibm cloud pak for business automation/v22.0.1 - v22.0.1-if006 and later fixes v21.0.2 - v21.0.2-if012 and later fixesv21.0.1 - v21.0.1-if007 and later fixesv20.0.1 - v20.0.3 and later fixesv19.0.1 - v19.0.3 and later fixesv18.0.0 - v18.0.2 and later fixes