Microsoft named a Leader in 2022 Gartner® Magic Quadrant™ for Access Management for the 6th year
We are honored to announce that Microsoft has been named a Leader in the 2022 Gartner® Magic Quadrant™ for Access Management for Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra. We thank our customers who guide our strategy and product innovation, engage with us deeply in...
0.2 AI Score
Summary Multiple vulnerabilities were found with IBM® Runtime Environment Java™ Technology Edition, Version 8 which is shipped with IBM MQ and used for Java & JMS client, AMQP, MQTT, MFT & MQIPT functionality. Vulnerability Details CVEID: CVE-2021-35561 DESCRIPTION: An unspecified vulnerability in....
5.3 CVSS
1.7 AI Score
0.002 EPSS
The Bug Report October 2022 Edition
The Bug Report — October 2022 Edition By Trellix · November 2, 2022 This story was written by Richard Johnson. Do ROP exploits count as jmp scares? Why am I here? Welcome back to the Bug Report: Spooky Edition, and we’ve got bugs crawling out of the walls! Of all the months we do this, we’ve...
0.3 AI Score
0.972 EPSS
The Bug Report October 2022 Edition
The Bug Report — October 2022 Edition By Trellix · November 2, 2022 This story was written by Richard Johnson. Do ROP exploits count as jmp scares? Why am I here? Welcome back to the Bug Report: Spooky Edition, and we’ve got bugs crawling out of the walls! Of all the months we do this, we’ve...
8.6 AI Score
0.972 EPSS
Security Bulletin: Vulnerabilities in IBM Java affect IBM FlashSystem models FS900 and V9000
Summary Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affect the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component...
5.9 CVSS
0.7 AI Score
0.002 EPSS
Today, CISA officially upgraded to Traffic Light Protocol (TLP) 2.0, which facilitates greater information sharing and collaboration. CISA made this upgrade in accordance with the recommendation from the Forum of Incident Response and Security Teams to upgrade to TLP 2.0 by January 2023. Key TLP...
-0.1 AI Score
Security Bulletin: CVE-2021-28167 may affect IBM® SDK, Java™ Technology Edition
Summary CVE-2021-28167 was addressed in Eclipse OpenJ9 version 0.26 Vulnerability Details CVEID: CVE-2021-28167 DESCRIPTION: Eclipse OpenJ9 could allow a remote attacker to bypass security restrictions, caused by a flaw in the jdk.internal.reflect.ConstantPool API. By sending a...
6.5 CVSS
0.5 AI Score
0.001 EPSS
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2022 and Jul 2022
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 8 that are used by Rational Software Architect Designer and Rational Software Architect Designer for Websphere Software. These issues were disclosed as part of the IBM Java SDK updates in Apr 2022 and Jul...
5.9 CVSS
0.6 AI Score
0.002 EPSS
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users whose model has a relation defined as a tupleset (the right hand side of a ‘from’ statement) that involves anything other than a direct...
9.8 CVSS
9.5 AI Score
0.002 EPSS
CISA Upgrades to Version 2.0 of Traffic Light Protocol in One Week – Join Us!
On Nov. 1, 2022, CISA will upgrade from Traffic Light Protocol (TLP) 1.0 to TLP 2.0 in accordance with the recommendation by the Forum of Incident Response Security Teams (FIRST) that organizations move to 2.0 by the end of 2022. TLP Version 2.0 brings the following key updates: TLP:CLEAR...
0.4 AI Score
Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to unauthorized attacker causing integrity impact as described in the vulnerability details section. IBM i has addressed the vulnerabilities with a fix as described in the remediation/fixes...
5.3 CVSS
0.7 AI Score
0.002 EPSS
Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields...
4.3 CVSS
4.5 AI Score
0.001 EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. IBM Sterling Connect:Direct Web Service has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2022-21496 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component...
5.3 CVSS
1.6 AI Score
0.001 EPSS
2022.1 IPU - Intel® Processor Advisory
Summary: A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-21151 Description: Processor optimization removal or modification of...
5.1 AI Score
0.0005 EPSS
2022.1 IPU - Intel® SGX Advisory
Summary: A potential security vulnerability in the Intel® Software Guard Extensions (SGX) Platform may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-0005 Description: Sensitive information...
4.3 AI Score
0.001 EPSS
Introducing GitHub Advanced Security SIEM integrations for security professionals
GitHub Advanced Security (GHAS) is a developer-first application security platform. GitHub provides the Security Overview page for a high-level view of the security status of their organization or to identify problematic repositories that require intervention. However, security operations...
AI Score
A Recap of Released Features in Q3 for Imperva’s Online Fraud Prevention Solution
Advanced Bot Protection Earlier this year, Imperva was named a Leader in The Forrester Wave: Bot Management, Q2 2022. Advanced Bot Protection (ABP) ranked at the top in the current offering category, based on criteria including the range of supported use cases, bot detection, configuration and...
-0.1 AI Score
Security operations teams are overwhelmed trying to protect their organizations against an onslaught of cyberattacks, including a 92 percent rise in ransomware attacks.1 Too often, existing security tools are siloed or not designed to meet the needs of today’s hybrid cloud environment. The result.....
-0.5 AI Score
We're Challenging Convention. Rapid7 Recognized in the 2022 Gartner® Magic Quadrant™ for SIEM.
As the attack surface sprawls, under-resourced security teams have inherent disadvantages. Rapid7 InsightIDR enables resource constrained security teams to achieve sophisticated detection and response, with greater efficiency and efficacy. As a Challenger in the 2022 Gartner Magic Quadrant for...
-0.2 AI Score
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Performance Management. IBM Performance Management has addressed the applicable CVEs: CVE-2021-35578, CVE-2021-35550, and CVE-2022-21496. Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: An...
5.9 CVSS
1.2 AI Score
0.002 EPSS
Microsoft Patch Tuesday Summary Microsoft has fixed 84 vulnerabilities (aka flaws) in the October 2022 update, including 13 vulnerabilities classified as Critical as they allow Elevation of Privilege (EoP), Remote Code Execution (RCE), and Spoofing. This month's Patch Tuesday fixes two (2)...
10 CVSS
AI Score
0.974 EPSS
Summary IBM® SDK, Java™ Technology Edition is shipped with IBM Security Directory Server. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s) listed in the...
5.9 CVSS
1.9 AI Score
0.002 EPSS
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code using....
5.9 CVSS
0.7 AI Score
0.001 EPSS
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code using....
5.3 CVSS
0.6 AI Score
0.002 EPSS
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code using....
9.8 CVSS
0.9 AI Score
0.003 EPSS
Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code using the IBM...
5.3 CVSS
0.8 AI Score
0.002 EPSS
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code using....
5.3 CVSS
0.5 AI Score
0.001 EPSS
Summary CVE-2020-2590 was disclosed in the Oracle January 2020 Critical Patch Update. Vulnerability Details CVEID: CVE-2020-2590 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality...
3.7 CVSS
1.2 AI Score
0.001 EPSS
Summary CVE-2020-2654 was disclosed as part of the Oracle January 2020 Critical Patch Update. Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial...
3.7 CVSS
0.8 AI Score
0.001 EPSS
Summary CVE-2020-2601 was disclosed in the Oracle January 2020 Critical Patch Update. Vulnerability Details CVEID: CVE-2020-2601 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to...
6.8 CVSS
0.8 AI Score
0.001 EPSS
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These may affect some configurations of IBM WebSphere Application Server Traditional, IBM WebSphere Application Server Liberty and IBM WebSphere Application...
9.1 CVSS
1.1 AI Score
0.004 EPSS
Summary CVE-2019-2949 was disclosed in the Oracle October 2019 Critical Patch Update Vulnerability Details CVEID: CVE-2019-2949 DESCRIPTION: An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information...
6.8 CVSS
1 AI Score
0.001 EPSS