AMD EPYC™ Security Vulnerabilities

ibm

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to exposing sensitive information due to flaws and configurations (CVE-2023-30441).

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to exposing sensitive information using a combination of flaws and configurations as described in the vulnerability details section. The vulnerability is fixed by applying an IBM i Group PTF...

6.2AI Score

0.002EPSS

2023-05-23 02:29 PM
17
ibm

Security Bulletin: Security vulnerability in IBM Java SDK affect IBM Tivoli Netcool Impact (CVE-2023-30441)

Summary IBM® SDK Java™ Technology Edition is shipped as a component of IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable issue, CVE-2023-30441. Vulnerability Details CVEID: CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus.....

5.9AI Score

0.002EPSS

2023-05-19 04:57 PM
12
ibm

Security Bulletin: Vulnerability in IBM Java SDK affects IBM Tivoli Business Service Manager (CVE-2023-30441)

Summary IBM® SDK Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. IBM Tivoli Business Service Manager has addressed the applicable issue, CVE-2023-30441. Vulnerability Details CVEID: CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java...

5.9AI Score

0.002EPSS

2023-05-19 04:57 PM
14
ibm

Security Bulletin: A vulnerability in IBM Java Runtime affects Tivoli Netcool/OMNIbus (CVE-2023-30441)

Summary IBM® Runtime Environment Java™ Technology Edition, Version 8 is shipped as a component of Tivoli Netcool/OMNIbus. Information about a security vulnerability affecting the IBM Java Runtime has been published in a security bulletin. Vulnerability Details CVEID: CVE-2023-30441 ...

6.1AI Score

0.002EPSS

2023-05-18 04:57 PM
6
rapid7blog

Rapid7 Recognized as a Strong Performer in The Forrester Wave™ for MDR, Q2 2023

Rapid7 recognized amongst the top MDR providers in the industry. As security teams try to do more with less, addressing the sprawling attack surface and monitoring the escalating threat and risk landscape, it inherently leaves them at a disadvantage. Rapid7 Managed Threat Complete empowers...

6.9AI Score

2023-05-18 02:27 PM
5
ibm

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Service Registry and Repository due to October 2022 CPU and January 2023 CPU plus deferred CVE-2022-21426 and CVE-2022-3676

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in October 2022 and January 2023. These issues are addressed by WebSphere Application Server shipped...

6.7AI Score

0.002EPSS

2023-05-17 03:45 PM
3
ibm

Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.

Summary Vulnerabilities in IBM® Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components. CVEs: CVE-2023-21830, CVE-2023-21843, CVE-2022-21426 Vulnerability Details CVEID: CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related...

6.3AI Score

0.001EPSS

2023-05-15 10:26 PM
8
githubexploit

Exploit for Out-of-bounds Write in Apple Ipados

AcceleratorTroll™...

8.4AI Score

2023-05-15 02:22 PM
654
githubexploit

Exploit for Out-of-bounds Write in Apple Ipados

AcceleratorTroll™...

8.4AI Score

2023-05-15 02:22 PM
428
cve

CVE-2021-46754

Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and...

9.1CVSS

8.8AI Score

0.001EPSS

2023-05-09 08:15 PM
23
cve

CVE-2021-46794

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of...

7.5CVSS

7.9AI Score

0.001EPSS

2023-05-09 08:15 PM
19
cve

CVE-2021-46759

Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port, resulting in a...

6.1CVSS

6.5AI Score

0.001EPSS

2023-05-09 08:15 PM
19
cve

CVE-2021-46773

Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code...

8.8CVSS

8.8AI Score

0.001EPSS

2023-05-09 08:15 PM
15
cve

CVE-2021-46765

Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of...

7.5CVSS

7.7AI Score

0.001EPSS

2023-05-09 08:15 PM
24
cve

CVE-2021-46756

Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of...

9.1CVSS

9.1AI Score

0.001EPSS

2023-05-09 08:15 PM
23
cve

CVE-2021-46792

Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of...

5.9CVSS

6.4AI Score

0.001EPSS

2023-05-09 08:15 PM
20
cve

CVE-2021-46755

Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of...

7.5CVSS

8.4AI Score

0.001EPSS

2023-05-09 08:15 PM
14
cve

CVE-2021-46760

A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code...

9.8CVSS

9.4AI Score

0.003EPSS

2023-05-09 08:15 PM
14
cve

CVE-2022-23818

Insufficient input validation on the model specific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest memory...

7.5CVSS

7.9AI Score

0.001EPSS

2023-05-09 07:15 PM
17
cve

CVE-2021-46763

Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to a loss of...

7.5CVSS

7.9AI Score

0.001EPSS

2023-05-09 07:15 PM
18
cve

CVE-2023-20520

Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code...

9.8CVSS

9.6AI Score

0.003EPSS

2023-05-09 07:15 PM
26
cve

CVE-2021-46775

Improper input validation in ABL may enable an attacker with physical access to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code...

6.8CVSS

7.2AI Score

0.001EPSS

2023-05-09 07:15 PM
13
cve

CVE-2021-46769

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code...

8.8CVSS

9.1AI Score

0.001EPSS

2023-05-09 07:15 PM
21
cve

CVE-2021-46764

Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of...

7.5CVSS

7.8AI Score

0.001EPSS

2023-05-09 07:15 PM
17
cve

CVE-2023-20524

An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out-of-bounds write, potentially leading to a loss of...

7.5CVSS

8AI Score

0.001EPSS

2023-05-09 07:15 PM
18
cve

CVE-2021-46762

Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of...

9.1CVSS

9AI Score

0.001EPSS

2023-05-09 07:15 PM
19
cve

CVE-2021-46753

Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and...

9.1CVSS

9AI Score

0.001EPSS

2023-05-09 07:15 PM
20
cve

CVE-2021-26379

Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege...

9.8CVSS

9.2AI Score

0.002EPSS

2023-05-09 07:15 PM
15
cve

CVE-2021-26354

Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of...

5.5CVSS

7.2AI Score

0.0004EPSS

2023-05-09 07:15 PM
34
cve

CVE-2021-46749

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of...

7.5CVSS

7.9AI Score

0.001EPSS

2023-05-09 07:15 PM
16
cve

CVE-2021-26365

Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory...

8.2CVSS

8.6AI Score

0.001EPSS

2023-05-09 07:15 PM
17
cve

CVE-2021-26397

Insufficient address validation may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or...

7.1CVSS

7.3AI Score

0.0004EPSS

2023-05-09 07:15 PM
11
cve

CVE-2021-26406

Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of...

7.5CVSS

8.5AI Score

0.001EPSS

2023-05-09 07:15 PM
17
cve

CVE-2021-26371

A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information...

5.5CVSS

7.2AI Score

0.0004EPSS

2023-05-09 07:15 PM
21
cve

CVE-2021-26356

A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information...

7.4CVSS

8.5AI Score

0.001EPSS

2023-05-09 07:15 PM
21
trendmicroblog

Managed XDR Investigation of Ducktail in Trend Micro Vision One™

The Trend Micro Managed XDR team investigated several Ducktail-related web browser credential dumping incidents involving different...

7.1AI Score

2023-05-09 12:00 AM
15
amd

AMD Server Vulnerabilities – May 2023

Bulletin ID: AMD-SB-3001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in the AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform...

9.8CVSS

8.1AI Score

0.001EPSS

2023-05-09 12:00 AM
20
intel

Intel® VTune™ Profiler Advisory

Summary: Potential security vulnerabilities in the Intel® VTune™ Profiler software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-41982 Description: Uncontrolled search path element in the...

7AI Score

2023-05-09 12:00 AM
9
intel

Intel® oneAPI Toolkit and Component Software Installers Advisory

Summary: A potential security vulnerability in some Intel® oneAPI Toolkit and component software installers may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-22355 Description: Uncontrolled search....

6.8AI Score

2023-05-09 12:00 AM
16
hp

AMD Client UEFI Firmware May 2023 Security Update

AMD has informed HP of potential vulnerabilities identified in client platform components for some AMD Athlon™ Processors and Ryzen™ Processors, which might allow arbitrary code execution, denial of service, and/or information disclosure. AMD is releasing firmware updates to mitigate these...

7.3AI Score

0.001EPSS

2023-05-09 12:00 AM
16
intel

Intel® FPGA Firmware Advisory

Summary: A potential security vulnerability in some Intel® Field Programmable Gate Array (FPGA) products may allow escalation of privilege. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-38787 Description: Improper input...

6.8AI Score

2023-05-09 12:00 AM
7
trendmicroblog

Managed XDR Investigation of Ducktail in Trend Vision One™

The Trend Micro Managed XDR team investigated several Ducktail-related web browser credential dumping incidents involving different...

7.1AI Score

2023-05-09 12:00 AM
7
amd

Client Vulnerabilities – May 2023

Bulletin ID: AMD-SB-4001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Secure Processor (ASP), AMD System Management Unit (SMU), and other platform components were discovered, and mitigations are being.....

9.8CVSS

8.2AI Score

0.001EPSS

2023-05-09 12:00 AM
14
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (January 2023) affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2023 and April 2022. Vulnerability Details CVEID: CVE-2023-21830 ...

6.5AI Score

0.001EPSS

2023-05-05 04:58 PM
5
ibm

Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities

Summary There are vulnerabilities in IBM® Semeru Java™ Version 11 used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.4 Fix Pack 1 IF17 has addressed the applicable CVEs by upgrading to IBM® Semeru JRE 11.0.18.0 (CVE-2022-21449, CVE-2022-21434, CVE-2022-21443, CVE-2022-21624,...

8.9AI Score

0.802EPSS

2023-05-04 08:23 PM
13
mssecure

How Microsoft can help you go passwordless this World Password Day

It’s that time of year again. World Password Day is May 4, 2023. There’s a reason it’s still going strong 10 years after being created by cybersecurity professionals. A recent study that analyzed more than 15 billion passwords found that the top 10 most popular passwords still include...

7.3AI Score

2023-05-04 01:00 PM
12
mmpc

How Microsoft can help you go passwordless this World Password Day

It’s that time of year again. World Password Day is May 4, 2023. There’s a reason it’s still going strong 10 years after being created by cybersecurity professionals. A recent study that analyzed more than 15 billion passwords found that the top 10 most popular passwords still include...

7.3AI Score

2023-05-04 01:00 PM
9
mmpc

Forrester names Microsoft a Leader in 2023 Infrastructure-as-a-Service Platform Native Security report

As we continue to drive toward making the world safer and more productive for all, it is vital we empower our customers to secure every aspect of their organization. Each day we are seeing more advanced security threats as bad actors develop new tactics that aim to take advantage of businesses as.....

6.6AI Score

2023-05-03 04:00 PM
7
mssecure

Forrester names Microsoft a Leader in 2023 Infrastructure-as-a-Service Platform Native Security report

As we continue to drive toward making the world safer and more productive for all, it is vital we empower our customers to secure every aspect of their organization. Each day we are seeing more advanced security threats as bad actors develop new tactics that aim to take advantage of businesses as.....

6.7AI Score

2023-05-03 04:00 PM
4
ibm

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - January 2023 - Includes Oracle January 2023 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities).....

7AI Score

0.001EPSS

2023-05-02 09:34 PM
9
Total number of security vulnerabilities: 7881