BD Pyxis™ MedBank Security Vulnerabilities

amd

AMD Server Vulnerabilities – May 2023

Bulletin ID: AMD-SB-3001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in the AMD Secure Processor (ASP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform...

9.8CVSS

8.1AI Score

0.003EPSS

2023-05-09 12:00 AM
20
intel

Intel® VTune™ Profiler Advisory

Summary: Potential security vulnerabilities in the Intel® VTune™ Profiler software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-41982 Description: Uncontrolled search path element in the...

7AI Score

0.0004EPSS

2023-05-09 12:00 AM
10
intel

Intel® FPGA Firmware Advisory

Summary: A potential security vulnerability in some Intel® Field Programmable Gate Array (FPGA) products may allow escalation of privilege. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-38787 Description: Improper input...

6.8AI Score

0.0004EPSS

2023-05-09 12:00 AM
8
hp

AMD Client UEFI Firmware May 2023 Security Update

AMD has informed HP of potential vulnerabilities identified in client platform components for some AMD Athlon™ Processors and Ryzen™ Processors, which might allow arbitrary code execution, denial of service, and/or information disclosure. AMD is releasing firmware updates to mitigate these...

9.1CVSS

7.3AI Score

0.002EPSS

2023-05-09 12:00 AM
19
trendmicroblog

Managed XDR Investigation of Ducktail in Trend Vision One™

The Trend Micro Managed XDR team investigated several Ducktail-related web browser credential dumping incidents involving different...

7.1AI Score

2023-05-09 12:00 AM
7
amd

Client Vulnerabilities – May 2023

Bulletin ID: AMD-SB-4001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Secure Processor (ASP), AMD System Management Unit (SMU), and other platform components were discovered, and mitigations are being.....

9.8CVSS

8.2AI Score

0.003EPSS

2023-05-09 12:00 AM
17
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (January 2023) affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2023 and April 2022. Vulnerability Details ** CVEID: CVE-2023-21830 ...

5.3CVSS

6.5AI Score

0.001EPSS

2023-05-05 04:58 PM
5
ibm

Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities

Summary There are vulnerabilities in IBM® Semeru Java™ Version 11 used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.4 Fix Pack 1 IF17 has addressed the applicable CVEs by upgrading to IBM® Semeru JRE 11.0.18.0 (CVE-2022-21449, CVE-2022-21434, CVE-2022-21443, CVE-2022-21624,...

9.8CVSS

8.9AI Score

EPSS

2023-05-04 08:23 PM
13
openbugbounty

pyxis-suisse.ch Cross Site Scripting vulnerability OBB-3294130

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6AI Score

2023-05-04 08:22 PM
4
mssecure

How Microsoft can help you go passwordless this World Password Day

It’s that time of year again. World Password Day is May 4, 2023. There’s a reason it’s still going strong 10 years after being created by cybersecurity professionals. A recent study that analyzed more than 15 billion passwords found that the top 10 most popular passwords still include...

7.3AI Score

2023-05-04 01:00 PM
14
mmpc

How Microsoft can help you go passwordless this World Password Day

It’s that time of year again. World Password Day is May 4, 2023. There’s a reason it’s still going strong 10 years after being created by cybersecurity professionals. A recent study that analyzed more than 15 billion passwords found that the top 10 most popular passwords still include...

7.3AI Score

2023-05-04 01:00 PM
9
mmpc

Forrester names Microsoft a Leader in 2023 Infrastructure-as-a-Service Platform Native Security report

As we continue to drive toward making the world safer and more productive for all, it is vital we empower our customers to secure every aspect of their organization. Each day we are seeing more advanced security threats as bad actors develop new tactics that aim to take advantage of businesses as.....

6.6AI Score

2023-05-03 04:00 PM
8
mssecure

Forrester names Microsoft a Leader in 2023 Infrastructure-as-a-Service Platform Native Security report

As we continue to drive toward making the world safer and more productive for all, it is vital we empower our customers to secure every aspect of their organization. Each day we are seeing more advanced security threats as bad actors develop new tactics that aim to take advantage of businesses as.....

6.7AI Score

2023-05-03 04:00 PM
7
ibm

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - January 2023 - Includes Oracle January 2023 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities).....

5.3CVSS

7AI Score

0.001EPSS

2023-05-02 09:34 PM
9
ibm

Security Bulletin: Multiple CVEs - Vulnerabilities in IBM Java Runtime affect IBM Integration Designer used in IBM Business Automation Workflow and IBM Business Process Manager

Summary Vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details ** CVEID: CVE-2023-30441 DESCRIPTION: **IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE...

7.5CVSS

5.3AI Score

0.002EPSS

2023-05-02 06:40 PM
26
ibm

Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by a vulnerability in IBM® Runtime Environment Java™ (CVE-2021-2161)

Summary CVE-2021-2161 was disclosed as part of the Oracle April 2021 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2021-2161 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality...

5.9CVSS

5.3AI Score

0.004EPSS

2023-05-02 12:22 PM
12
ibm

Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by multiple vulnerabilities in IBM® Runtime Environment Java™

Summary Multiple vulnerabilities were disclosed as part of the Oracle October 2021 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2021-35560 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take...

9.8CVSS

8.7AI Score

0.003EPSS

2023-05-02 12:20 PM
10
ibm

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple vulnerabilities due to IBM Java Runtime

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2022-21628 DESCRIPTION: **Java SE is...

6.5CVSS

6.6AI Score

0.002EPSS

2023-04-29 03:45 AM
21
ibm

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple vulnerabilities due to IBM Java Runtime

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling Secure Proxy. IBM Sterling Secure Proxy has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2022-21426 DESCRIPTION: **An unspecified vulnerability in Java SE related to.....

6.5CVSS

6.6AI Score

0.002EPSS

2023-04-28 09:26 PM
24
ibm

Security Bulletin: A vulnerability in IBM Java SDK affects IBM InfoSphere Information Server (CVE-2023-30441)

Summary A vulnerability in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-30441 DESCRIPTION: **IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE components could expose...

7.5CVSS

6.8AI Score

0.002EPSS

2023-04-28 06:53 PM
39
ibm

Security Bulletin: A vulnerability in IBM Java Runtime and in IBM Semeru Runtime affects z/Transaction Processing Facility

Summary IBM® SDK, Java™ Technology Edition, Version 8 and IBM Semeru Runtime Certified Edition 11 that are used by the z/Transaction Processing Facility (z/TPF) system are both vulnerable to CVE-2023-30441. The z/TPF system was updated to address this CVE for both IBM Java SDK and IBM Semeru...

7.5CVSS

6.9AI Score

0.002EPSS

2023-04-27 05:09 PM
10
ibm

Security Bulletin: Vulnerability in IBM® Java SDK affects IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to CVE-2023-30441

Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM....

7.5CVSS

7.1AI Score

0.002EPSS

2023-04-27 03:23 PM
28
malwarebytes

APC warns about critical vulnerabilities in online UPS monitoring software

In a security notification, APC has warned home and corporate users about critical vulnerabilities in the software used to monitor and control their UPS systems online. APC, which started as the American Power Conversion in 1981, today is a part of Schneider Electric™. APC is an industry leader...

9.8CVSS

8.2AI Score

0.003EPSS

2023-04-26 03:00 AM
12
ibm

Security Bulletin: IBM® Db2® is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. (CVE-2023-29257)

Summary IBM® Db2® is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. Vulnerability Details ** CVEID: CVE-2023-29257 DESCRIPTION: **IBM Db2 is vulnerable to remote code execution as.....

7.2CVSS

7.3AI Score

0.003EPSS

2023-04-24 09:44 PM
15
ibm

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. (CVE-2023-29255)

Summary IBM® Db2® is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. Vulnerability Details ** CVEID: CVE-2023-29255 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as it may.....

7.5CVSS

6.9AI Score

0.001EPSS

2023-04-24 09:43 PM
14
ibm

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when attempting to use ACR client affinity for unfenced DRDA federation wrappers. (CVE-2023-27555)

Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when attempting to use ACR client affinity for unfenced DRDA federation wrappers. Vulnerability Details ** CVEID: CVE-2023-27555 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) is...

7.5CVSS

6.9AI Score

0.001EPSS

2023-04-24 09:42 PM
22
ibm

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. (CVE-2023-26021)

Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted SQL query using a LIMIT clause. Vulnerability Details ** CVEID: CVE-2023-26021 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial...

7.5CVSS

7.3AI Score

0.001EPSS

2023-04-24 09:40 PM
26
ibm

Security Bulletin: IBM® Db2® is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. (CVE-2023-25930)

Summary IBM® Db2® is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. Vulnerability Details ** CVEID: CVE-2023-25930 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable.....

5.9CVSS

5.6AI Score

0.001EPSS

2023-04-24 09:39 PM
37
ibm

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when an Out of Memory occurs. (CVE-2023-26022)

Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when an Out of Memory occurs. Vulnerability Details ** CVEID: CVE-2023-26022 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash.....

7.5CVSS

6.9AI Score

0.001EPSS

2023-04-24 09:38 PM
30
ibm

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. (CVE-2023-27559)

Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. Vulnerability Details ** CVEID: CVE-2023-27559 DESCRIPTION: **IBM Db2 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. CVSS...

7.5CVSS

7AI Score

0.001EPSS

2023-04-24 09:36 PM
40
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-21830 DESCRIPTION:.....

5.3CVSS

5.6AI Score

0.001EPSS

2023-04-24 05:56 PM
19
nvidia

Security Bulletin: NVIDIA CUDA Toolkit - April 2023

NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. This update addresses security issues that may lead to code execution, limited denial of service, and limited information disclosure. To protect your system, download and install this software update from the CUDA Toolkit...

6.6CVSS

5.8AI Score

0.0005EPSS

2023-04-21 12:00 AM
17
mmpc

Microsoft Entra delivers 240 percent ROI, according to new Forrester study

Every day we easily move between apps and devices while identity professionals work hard behind the scenes to improve technologies that make this digital experience more secure. With nearly 50 percent of data breaches caused by stolen credentials, it's important for identity professionals to arm...

6.3AI Score

2023-04-20 04:00 PM
11
mssecure

Microsoft Entra delivers 240 percent ROI, according to new Forrester study

Every day we easily move between apps and devices while identity professionals work hard behind the scenes to improve technologies that make this digital experience more secure. With nearly 50 percent of data breaches caused by stolen credentials, it's important for identity professionals to arm...

6.8AI Score

2023-04-20 04:00 PM
13
ibm

Security Bulletin: CVE-2023-30441 affects IBM® SDK, Java™ Technology Edition

Summary CVE-2023-30441 affects IBM SDK, Java Technology Edition. An update has been released to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-30441 DESCRIPTION: **IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE components could expose sensitive...

7.5CVSS

6.8AI Score

0.002EPSS

2023-04-20 02:50 PM
65
rapid7blog

3 Key Challenges to Clarity in Threat Intelligence: 2023 Forrester Consulting Total Economic Impact™ Study

Inundated with data It would have been really cool to combine those two words to make “inundata,” but it would have been disastrous for SEO purposes. It’s all meant to kick off a conversation about the state of security organizations with regard to threat intelligence. There are several key...

6.5AI Score

2023-04-20 02:30 PM
16
ibm

Security Bulletin: CVE-2022-3676 may affect IBM® SDK, Java™ Technology Edition

Summary CVE-2022-3676 was addressed in Eclipse OpenJ9 version 0.35 Vulnerability Details ** CVEID: CVE-2022-3676 DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. By sending a...

6.5CVSS

6.5AI Score

0.001EPSS

2023-04-20 02:12 PM
27
ibm

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their January 2023 Critical Patch Update. For more information please refer to Oracle's January 2023 CPU Advisory and the X-Force database entries referenced below. Vulnerability Details ** CVEID:...

5.3CVSS

5.1AI Score

0.001EPSS

2023-04-20 01:40 PM
27
ibm

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their October 2022 Critical Patch Update. For more information please refer to Oracle's October 2022 CPU Advisory and the X-Force database entries referenced below. Vulnerability Details ** CVEID:...

5.3CVSS

5.4AI Score

0.002EPSS

2023-04-20 01:36 PM
18
mmpc

Simplified endpoint management with Microsoft Intune Suite: Adopting a long-term approach with intelligence and automation

The last couple of years have been difficult, with many organizations operating in a response mode. From a global pandemic to an economic downturn to increasing security risks, teams are under more pressure than ever to deliver greater cyber security and do more with less. This responsive...

6.7AI Score

2023-04-19 04:00 PM
5
mssecure

Simplified endpoint management with Microsoft Intune Suite: Adopting a long-term approach with intelligence and automation

The last couple of years have been difficult, with many organizations operating in a response mode. From a global pandemic to an economic downturn to increasing security risks, teams are under more pressure than ever to deliver greater cyber security and do more with less. This responsive...

6.7AI Score

2023-04-19 04:00 PM
16
nvidia

Security Bulletin: NVIDIA DGX-1 - April 2023

NVIDIA has released a security update for NVIDIA DGX-1 firmware. This update addresses an issue that may lead to arbitrary code execution, denial of service, escalation of privileges, information disclosure, data tampering, and SecureBoot bypass. To protect your system, download and install this...

8.8CVSS

8.1AI Score

0.001EPSS

2023-04-19 12:00 AM
21
nvidia

Security Bulletin: NVIDIA ConnectX - April 2023

NVIDIA has released a security update for NVIDIA ConnectX® firmware. This update addresses issues that may lead to denial of service. To protect your system, download and install this firmware update from the NVIDIA Networking Support page. Go to NVIDIA Product Security. Details This section...

7.7CVSS

7.3AI Score

0.001EPSS

2023-04-18 12:00 AM
9
ibm

Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components. CVEs: CVE-2022-21541, CVE-2022-21540, CVE-2022-3676, CVE-2021-2163, CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619 Vulnerability Details **...

6.5CVSS

6.7AI Score

0.002EPSS

2023-04-17 09:45 PM
12
ibm

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM SDK, Java Technology Edition Quarterly CPU - Jan 2023 - Includes Oracle January 2023 CPU

Summary Vulnerabilities may affect IBM® SDK, Java™ Technology Edition. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Workflow Management, Global Configuration Management, IBM...

5.3CVSS

5.6AI Score

0.001EPSS

2023-04-14 10:39 AM
12
ibm

Security Bulletin: CVE-2022-21426 may affect IBM® SDK, Java™ Technology Edition

Summary CVE-2022-21426 was disclosed as part of the Oracle April 2022 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2022-21426 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service...

5.3CVSS

5.7AI Score

0.001EPSS

2023-04-11 05:14 PM
45
amd

TPM Out of Bounds Access

Bulletin ID: AMD-SB-7002 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Researchers have identified two potential vulnerabilities that affect systems using the TPM 2.0 reference implementation, including some systems using AMD CPUs....

7.8CVSS

7.4AI Score

0.001EPSS

2023-04-11 12:00 AM
627
wallarmlab

Changes in OWASP API Security Top-10 2023RC | API Security Newsletter

Welcome to our March API newsletter, recapping some of the events of last month. And what a month it was. Among other buzzworthy news, OWASP published the initial Release Candidate for the 2023 API Security Top-10 list – we analyzed the ins & outs and presented them over the course of a couple of.....

9.8CVSS

9.6AI Score

0.972EPSS

2023-04-06 02:27 PM
29
ibm

Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU -April 2022 to January 2023 affects AIX LPARs in IBM PureData System for Operational Analytics

Summary Multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7, and 8 that are used in IBM PureData System for Operational Analytics AIX based LPARs. These issues were disclosed as part of the IBM Java SDK updates in April 2022 to January 2023. These issues were disclosed as...

5.3CVSS

5.9AI Score

0.002EPSS

2023-04-04 10:21 PM
18
redhatcve

CVE-2023-28625

A flaw was found in mod_auth_openidc, an OpenID Certified™ authentication and authorization module for the Apache HTTP server. It is possible to trigger a NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied, leading to a segmentation fault and a denial of.....

7.5CVSS

7.2AI Score

0.002EPSS

2023-04-03 06:14 PM
8
Total number of security vulnerabilities: 7917