BD Pyxis™ MedBank Security Vulnerabilities

thn

What Developers Need to Fight the Battle Against Common Vulnerabilities

Today's threat landscape is constantly evolving, and now more than ever, organizations and businesses in every sector have a critical need to consistently produce and maintain secure software. While some verticals - like the finance industry, for example - have been subject to regulatory and...

-0.6AI Score

2022-12-01 11:13 AM
19
nvidia

Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX), and Jetson Nano (including Jetson Nano 2GB) - November 2022

NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, Jetson TX1, Jetson TX2 series (including Jetson TX2 NX), and Jetson Nano™ devices (including Jetson Nano 2GB) in the NVIDIA JetPack™ software development kit (SDK). The update addresses security issues.....

7.9CVSS

2.6AI Score

0.001EPSS

2022-11-30 12:00 AM
29
packetstorm

-0.2AI Score

0.002EPSS

2022-11-30 12:00 AM
301
ibm

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Service Registry and Repository due to October 2022 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in October 2022. These issues are addressed by WebSphere Application Server shipped with WebSphere...

1.7AI Score

2022-11-29 05:07 PM
9
nvidia

Security Bulletin: NVIDIA GPU Display Driver - November 2022

NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. To protect your system, download and install this software update...

8.8CVSS

7.5AI Score

0.001EPSS

2022-11-29 12:00 AM
31
ibm

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio (CVE-2021-28167)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM CPLEX Optimization Studio. IBM CPLEX Optimization Studio has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-28167 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass...

6.5CVSS

0.8AI Score

0.001EPSS

2022-11-24 02:41 PM
22
ibm

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio (CVE-2022-3676)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM CPLEX Optimization Studio. IBM CPLEX Optimization Studio has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass...

6.5CVSS

1AI Score

0.001EPSS

2022-11-24 02:40 PM
12
ibm

Security Bulletin: IBM® Db2® is vulnerable to a denial of service after entering a specially crafted malformed SQL statement into the db2expln tool. (CVE-2022-35637)

Summary IBM® Db2® is vulnerable to a denial of service after entering a specially crafted malformed SQL statement into the db2expln tool. Vulnerability Details CVEID: CVE-2022-35637 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of...

6.5CVSS

0.8AI Score

0.001EPSS

2022-11-24 02:37 PM
38
ibm

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio (CVE-2021-41041)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM CPLEX Optimization Studio. IBM CPLEX Optimization Studio has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-41041 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass...

5.3CVSS

0.8AI Score

0.001EPSS

2022-11-24 02:36 PM
16
trendmicroblog

How the MITRE ATT&CK Framework Enhances Cloud Security

Upgrade your cybersecurity game with MITRE ATT&CK™. Discover how this framework can help you protect your business—now and in the...

2.1AI Score

2022-11-24 12:00 AM
6
mssecure

Microsoft supports the DoD’s Zero Trust strategy

The Department of Defense (DoD) released its formal Zero Trust strategy today, marking a major milestone in its goal of achieving enterprise-wide implementation by 2027. The strategy comes at a critical time as United States government networks continue to face nearly half the global nation-state.....

-0.5AI Score

2022-11-22 08:40 PM
13
mmpc

Microsoft supports the DoD’s Zero Trust strategy

The Department of Defense (DoD) released its formal Zero Trust strategy today, marking a major milestone in its goal of achieving enterprise-wide implementation by 2027. The strategy comes at a critical time as United States government networks continue to face nearly half the global nation-state.....

-0.5AI Score

2022-11-22 08:40 PM
18
ibm

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - October 2022 - Includes Oracle October 2022 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities).....

3AI Score

2022-11-22 03:49 PM
8
ibm

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. (CVE-2022-22483)

Summary IBM® Db2® is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. Vulnerability Details CVEID: CVE-2022-22483 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 9.7, 10.1,...

6.5CVSS

0.4AI Score

0.001EPSS

2022-11-21 05:28 PM
81
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime may affect Tivoli Netcool Performance Manager for Wireless.

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 & 8 used by Tivoli Netcool Performance Manager for Wireless. Tivoli Netcool Performance Manager for Wireless has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates...

0.3AI Score

2022-11-21 09:44 AM
1
ibm

Security Bulletin: IBM® SDK Java™ Technology Edition, is used by IBM Tivoli Application Dependency Discovery Manager (TADDM) and is vulnerable to a denial of service (CVE-2021-35561, CVE-2022-21443, CVE-2022-21434, CVE-2022-21496, CVE-2022-21299).

Summary IBM® SDK Java™ Technology Edition, is used by IBM Tivoli Application Dependency Discovery Manager (TADDM) and is vulnerable to a denial of service (CVE-2021-35561, CVE-2022-21443, CVE-2022-21434, CVE-2022-21496, CVE-2022-21299). Vulnerability Details CVEID: CVE-2022-21299 DESCRIPTION:...

5.3CVSS

1AI Score

0.002EPSS

2022-11-18 03:30 PM
17
trellix

Trellix Global Defenders: Analysis and Protections for Destructive Wipers

Trellix Global Defenders: Analysis and Protections for Destructive Wipers By Ayed Al Qartah · November 17, 2022 Modern cyber warfare involves the actions of a nation-state or their proxies (organized crime and hacker groups) to attack and attempt to damage other nations’ computers or information...

-0.1AI Score

2022-11-17 12:00 AM
31
trellix

Trellix Global Defenders: Analysis and Protections for Destructive Wipers

Trellix Global Defenders: Analysis and Protections for Destructive Wipers By Ayed Al Qartah · November 17, 2022 Modern cyber warfare involves the actions of a nation-state or their proxies (organized crime and hacker groups) to attack and attempt to damage other nations’ computers or information...

8.2AI Score

2022-11-17 12:00 AM
1
ibm

Security Bulletin: IBM SDK, Java Technology Edition, Security Update July 2022

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8* that is used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates up to July 2022. IBM 8 SR7 FP15 (1.8.0_341). Vulnerability Details CVEID: CVE-2022-21496...

5.9CVSS

1AI Score

0.002EPSS

2022-11-16 09:05 PM
11
ibm

Security Bulletin: IBM MQ is vulnerable to multiple issues within IBM® Runtime Environment Java™ Technology Edition, Versions 7 and 8 (CVE-2021-35603, CVE-2022-21305, CVE-2022-21291, CVE-2021-35550)

Summary Multiple issues were identified with IBM® Runtime Environment Java™ Technology Edition, version 7 that is packaged with IBM MQ 8.0 and version 8 that is packaged with IBM MQ 9.0, 9.1 and 9.2. Vulnerability Details CVEID: CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE...

5.9CVSS

2.1AI Score

0.002EPSS

2022-11-16 11:30 AM
153
ibm

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure caused by improper privilege management when table function is used. (CVE-2022-22390)

Summary IBM® Db2® is vulnerable to an information disclosure caused by improper privilege management when table function is used. Vulnerability Details CVEID: CVE-2022-22390 DESCRIPTION: IBM Db2 may be vulnerable to an information disclosure caused by improper privilege management when table.....

7.5CVSS

0.8AI Score

0.001EPSS

2022-11-11 05:25 PM
29
ibm

Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM® Db2® (CVE-2021-45046, CVE-2021-45105)

Summary Apache Log4j open source library used by IBM® Db2® is affected by multiple vulnerabilities that could allow a remote attacker to execute arbitrary code on the system or cause a denial of service. This library is used by the Db2 Federation feature. The fix for the vulnerability is to update....

10CVSS

1.2AI Score

0.976EPSS

2022-11-11 05:20 PM
81
ibm

Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44228)

Summary Apache Log4j open source library used by IBM® Db2® is affected by a vulnerability that could allow a remote attacker to execute arbitrary code on the system. This library is used by the Db2 Federation feature. The fix for the vulnerability is to update the log4j library. Please see...

10CVSS

AI Score

0.976EPSS

2022-11-11 05:17 PM
532
ibm

Security Bulletin: A vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44832)

Summary The Apache Log4j open source library used by IBM® Db2® is affected by a vulnerability that could allow a remote attacker to execute arbitrary code on the system. This library is used by the Db2 Federation feature. The fix for the vulnerability is to update the log4j library to version...

10CVSS

1.2AI Score

0.976EPSS

2022-11-11 05:14 PM
220
ibm

Security Bulletin: A vulnerability in IBM Java Runtime used by the IBM Installation Manager and IBM Packaging Utility - CVE-2021-2163

Summary There is a vulnerability in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVE and we recommend updating to the latest version to remediate....

5.3CVSS

2.8AI Score

0.002EPSS

2022-11-10 10:47 PM
6
wallarmlab

Q3-2022 API ThreatStats™ Report

The latest quarterly review and analysis of API vulnerabilities and exploits is in. Our initial take had us thinking it was smooth sailing for the state of API vulnerabilities in Q3—or was it just a lull in the storm? As it turns out, it’s neither. Read on to learn more about Wallarm’s analysis of....

-0.2AI Score

2022-11-10 01:00 PM
12
ibm

Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Express.

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition Version 7 that is used by IBM Cognos Express. This issue was disclosed as part of the IBM Java SDK updates in July 2016. OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM...

7.5CVSS

0.9AI Score

0.566EPSS

2022-11-10 12:20 PM
27
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Express (CVE-2014-4244, CVE-2014-4263)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM Cognos Express. These issues were disclosed as part of the IBM Java SDK updates in July 2014. Vulnerability Details CVEID: CVE-2014-4263 DESCRIPTION: An unspecified vulnerability related to the...

2.2AI Score

0.009EPSS

2022-11-10 12:06 PM
10
ibm

Security Bulletin: Multiple Security Vulnerabilities exist in IBM Planning Analytics Express and IBM Cognos Express.

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition Version 7 that is used by IBM Planning Analytics Express and IBM Cognos Express. These issues were disclosed as part of the IBM Java SDK updates in Oct 2016 and Jan 2017. OpenSSL vulnerabilities were...

7.5CVSS

1.3AI Score

0.009EPSS

2022-11-10 12:06 PM
34
ibm

Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Express.

Summary There are multiple vulnerabilities in Open Source Apache Tomcat that is used by IBM Cognos Express. Additionally, there are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Cognos Express. This bulletin also addresses LOGJAM: The.....

5.5CVSS

6.5AI Score

0.974EPSS

2022-11-10 12:06 PM
18
cve

CVE-2021-26392

Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious...

7.8CVSS

8AI Score

0.0004EPSS

2022-11-09 09:15 PM
45
4
cve

CVE-2021-26393

Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of...

5.5CVSS

6.1AI Score

0.0004EPSS

2022-11-09 09:15 PM
46
4
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Planning Analytics and IBM Planning Analytics Workspace

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics and IBM Planning Analytics Workspace. There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM Planning Analytics and IBM Planning Analytics Workspace....

5.3CVSS

0.7AI Score

0.002EPSS

2022-11-09 02:56 PM
8
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime may affect Tivoli Netcool Performance Manager for Wireless.

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 & 8 used by Tivoli Netcool Performance Manager for Wireless. Tivoli Netcool Performance Manager for Wireless has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates...

0.2AI Score

2022-11-09 01:09 PM
7
qualysblog

November 2022 Patch Tuesday | Microsoft Releases 65 New Vulnerabilities with 10 Critical; Adobe Releases Zero Advisories (for the first time in six years).

Microsoft Patch Tuesday Summary Microsoft has fixed 65 new vulnerabilities (aka flaws) in the November 2022 update, including ten (10) vulnerabilities classified as Critical as they allow Denial of Service (DoS), Elevation of Privilege (EoP), and Remote Code Execution (RCE). This month's Patch...

9.8CVSS

0.2AI Score

EPSS

2022-11-08 09:00 PM
46
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Security Guardium. These issues were disclosed as part of the IBM Java SDK updates in April 2022 and Includes Oracle April 2022 CPU. Vulnerability Details CVEID: CVE-2022-21299 DESCRIPTION:...

5.3CVSS

1.7AI Score

0.002EPSS

2022-11-08 03:26 PM
15
prion

Authorization

OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard (*) assigned to a tupleset relation (the...

9.8CVSS

9.4AI Score

0.002EPSS

2022-11-08 08:15 AM
3
prion

Integer overflow

Azure RTOS FileX is a FAT-compatible file system that’s fully integrated with Azure RTOS ThreadX. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer under and overflows which may be exploited to achieve buffer overflow and modify memory contents. When a...

7.8CVSS

7.8AI Score

0.001EPSS

2022-11-08 08:15 AM
1
amd

AMD μProf Security Bulletin

Bulletin ID: AMD-SB-1046 Potential Impact: Denial of service Severity: Medium Summary AMD μProf (“MICRO-prof”) is a software profiling analysis tool for x86 applications running on Windows, Linux and FreeBSD operating systems and provides event information unique to the AMD “Zen”-based processors...

7.5CVSS

7.4AI Score

0.001EPSS

2022-11-08 12:00 AM
38
intel

Intel® PROSet/Wireless WiFi, Intel vPro® CSME WiFi and Killer™ WiFi Advisory

Summary: A potential security vulnerability in some Intel® PROSet/Wireless WiFi, Intel vPro® CSME WiFi and Killer™ WiFi products may allow denial of service. Intel is releasing a firmware update to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-26047 Description:...

0.8AI Score

0.001EPSS

2022-11-08 12:00 AM
21
amd

IBPB and Return Stack Buffer Interactions

Bulletin ID: AMD-SB-1040 Potential Impact: Information Disclosure Severity: Medium Summary AMD is aware of a potential vulnerability affecting AMD CPUs where the OS relies on IBPB to flush the return address predictor. This may allow for CVE-2017-5715 (previously known as Spectre Variant 2) attacks....

5.6CVSS

6.2AI Score

0.975EPSS

2022-11-08 12:00 AM
43
intel

2022.3 IPU – BIOS Advisory

Summary: Potential security vulnerabilities in the BIOS firmware for some Intel® Processors may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-26006 Description: Improper input validation in the....

2.2AI Score

0.0004EPSS

2022-11-08 12:00 AM
84
amd

AMD Graphics Driver Vulnerabilities – November 2022

Bulletin ID: AMD-SB-1029 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary AMD received reports of vulnerabilities potentially affecting some AMD Graphics products. Refer to the CVE Details section for information about each CVE. CVE...

7.8CVSS

7.6AI Score

0.0004EPSS

2022-11-08 12:00 AM
15
intel

Intel® VTune™ Profiler Advisory

Summary: A potential security vulnerability in the Intel® VTune™ Profiler software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-26028 Description: Uncontrolled search path in the Intel(R)...

1.8AI Score

0.0004EPSS

2022-11-08 12:00 AM
16
intel

Intel® Distribution of OpenVINO™ Toolkit Advisory

Summary: A potential security vulnerability in the Intel® Distribution of OpenVINO™ Toolkit software may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2021-26251 Description: Improper input validation in the....

1.7AI Score

0.001EPSS

2022-11-08 12:00 AM
283
hp

Intel® PROSet/Wireless WiFi, Intel vPro® CSME WiFi, and Killer™ WiFi November 2022 Security Update

Intel has informed HP of a potential vulnerability identified in some Intel® PROSet/Wireless WiFi, Intel vPro® CSME WiFi, and Killer™ WiFi products, which might allow denial of service. Intel is releasing a firmware update to mitigate this potential vulnerability. Intel has released updates to...

6.5CVSS

7.1AI Score

0.001EPSS

2022-11-08 12:00 AM
3
hp

Intel® XMM™ 7560 Modem November 2022 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® XMM™ 7560 Modem software, which might allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the potential vulnerabilities. HP.....

9.6CVSS

1.3AI Score

0.001EPSS

2022-11-08 12:00 AM
8
ibm

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - January 2019 through July 2022 affects AIX LPARs in IBM PureData System for Operational Analytics

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7, and 8 that are used in IBM PureData System for Operational Analytics AIX based LPARs. These issues were disclosed as part of the IBM Java SDK updates between January 2019 and July 2022....

9.8CVSS

10.8AI Score

0.898EPSS

2022-11-04 08:17 PM
17
ibm

Security Bulletin: Vulnerabilities in Eclipse OpenJ9 affects AIX LPARs in IBM PureData System for Operational Analytics (CVE-2021-41041)

Summary There are one or more vulnerabilities in Eclipse OpenJ9 that is used in IBM PureData System for Operational Analytics AIX based LPARs (CVE-2021-41041). Vulnerability Details CVEID: CVE-2021-41041 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security...

5.3CVSS

1.3AI Score

0.001EPSS

2022-11-04 08:13 PM
14
mmpc

Microsoft named a Leader in 2022 Gartner® Magic Quadrant™ for Access Management for the 6th year

We are honored to announce that Microsoft has been named a Leader in the 2022 Gartner® Magic Quadrant™ for Access Management for Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra. We thank our customers who guide our strategy and product innovation, engage with us deeply in...

0.2AI Score

2022-11-04 04:00 PM
9
Total number of security vulnerabilities: 7923