Abstract Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server and is included in IBM WebSphere Business Services Fabric. Content VULNERABILITY DETAILS: DESCRIPTION: This Security Bulletin addresses the security...
-0.1AI Score
0.904EPSS
Abstract Java™ API Documentation contains a frame injection vulnerability. Content VULNERABILITY DETAILS: CVEID: CVE-2013-1571 DESCRIPTION: HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to...
0.2AI Score
0.904EPSS
Abstract IMS™ Enterprise Suite SOAP Gateway V1.1, V2.1, and V2.2 security vulnerabilities in SSL connections and login processes. Content Security Bulletin: Multiple vulnerabilities exist in IMS Enterprise Suite SOAP Gateway (CVE-2012-5785, CVE-2013-0483) SUMMARY: IMS™ Enterprise Suite SOAP...
0.4AI Score
0.002EPSS
Abstract Java™ API Documentation contains a frame injection vulnerability. Content VULNERABILITY DETAILS CVEID CVE-2013-1571 DESCRIPTION HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to the...
AI Score
0.904EPSS
Abstract Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server and is included in the referenced products. Content VULNERABILITY DETAILS: DESCRIPTION: This Security Bulletin addresses the security vulnerabilities that have...
-0.1AI Score
0.904EPSS
Abstract DB2® Performance Expert and InfoSphere® Optim™ Performance Manager use the IBM® Java™ Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE. Content VULNERABILITY DETAILS: CVE ID: CVE-2012-1720 DESCRIPTION: An unspecified vulnerability in the JRE...
0.4AI Score
0.042EPSS
Abstract IMS™ Explorer for Development bundles the IBM® Eclipse Help System (IEHS) which has a security vulnerability. Content SUMMARY: IMS Explorer for Development bundles the IBM Eclipse Help System (IEHS) which has a security vulnerability. VULNERABILITY DETAILS: CVE ID: CVE-2012-2159 ...
8.1AI Score
0.002EPSS
Abstract GSKit is an IBM product that is used by IBM DB2 for SSL support. The GSKit that is shipped with DB2 contains multiple security vulnerabilities. By default, DB2 does not use SSL for client-server communication and therefore, this vulnerability affects DB2 only if SSL is enabled. Content...
7.2AI Score
0.068EPSS
Security Bulletin: DB2 Escalation of Privilege Vulnerability (CVE-2011-4061)
Abstract The IBM Tivoli Monitoring Agent shipped with IBM DB2 V9.5 and V9.7 products contains an escalation of privilege vulnerability. Content VULNERABILITY DETAILS CVE ID: CVE-2011-4061 DESCRIPTION: The IBM DB2 products listed below bundle IBM Tivoli Monitoring Agent (ITMA), provided for...
6.5AI Score
0.001EPSS
Security Bulletin: IBM DB2 Security Vulnerability in SQLJ.DB2_INSTALL_JAR (CVE-2012-2194).
Abstract Vulnerability in IBM DB2 could allow an authenticated user, without proper authorization, to overwrite JAR files. Content VULNERABILITY DETAILS CVE ID: CVE-2012-2194 DESCRIPTION: The IBM DB2 products listed below contain a security vulnerability that could allow an authenticated...
6.8AI Score
0.009EPSS
Abstract Vulnerability in IBM DB2 could allow an authenticated user to cause a stack-based buffer overflow and possibly attain remote code execution. Content VULNERABILITY DETAILS CVE ID: CVE-2012-2197 DESCRIPTION: The IBM DB2 products listed below contain a security vulnerability that could...
7AI Score
0.087EPSS
Abstract Vulnerability in IBM DB2 could allow an authenticated user, without proper authorization, to read XML files. Content VULNERABILITY DETAILS CVE ID: CVE-2012-2196 DESCRIPTION: The IBM DB2 products listed below contain a security vulnerability that could allow an authenticated user,...
6AI Score
0.007EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Watson Explorer and Watson Explorer Content Analytics Studio. Watson Explorer and Watson Explorer Content Analytics Studio have addressed the applicable CVEs. Vulnerability Details CVEID:...
5.3CVSS
6AI Score
0.002EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5, 6, 7, and 8 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions (including Maximo for Government,...
5.3AI Score
0.948EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6, 7, and 8 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Asset Management Essentials, Maximo Industry Solutions...
7.5CVSS
8.6AI Score
0.054EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5, 6, and 7 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions (including Maximo for Government, Maximo.....
5.2AI Score
0.567EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5, 6, and 7 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions (including Maximo for Government, Maximo.....
3.4CVSS
5AI Score
0.975EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5, 6, and 7 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions (including Maximo for Government, Maximo.....
5.5AI Score
0.698EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6, 7, and 8 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Asset Management Essentials, Maximo Industry Solutions...
9.8CVSS
9.4AI Score
0.014EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5, 6, 7, and 8 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions (including Maximo for Government,...
9.6CVSS
0.8AI Score
0.012EPSS
Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Process Manager includes a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2017-3737 DESCRIPTION: OpenSSL could allow a...
5.9CVSS
6.7AI Score
0.946EPSS
Summary There are multiple vulnerabilities in IBM SDK for Java™ Technology Edition that is used by WebSphere Process Server. These issues were disclosed as part of the IBM SDK for Java Technology Edition updates in January 2015. Vulnerability Details CVEID: CVE-2014-3566 DESCRIPTION: Multiple...
3.4CVSS
4.8AI Score
0.975EPSS
Summary There are multiple vulnerabilities in IBM SDK for Java™ Technology Edition that is used by WebSphere Process Server. These issues were disclosed as part of the IBM SDK for Java Technology Edition updates in April 2015. Vulnerability Details CVEID: CVE-2015-0488 DESCRIPTION: An unspecified.....
5AI Score
0.948EPSS
Summary Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server and included in the products that are listed in this document. Vulnerability Details The products that are listed in the Affected product section are shipped with a version....
7.2AI Score
0.055EPSS
Summary Multiple security vulnerabilities exist in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server and included in the products that are listed in this document. Vulnerability Details The affected products are shipped with a version of IBM WebSphere...
5.8AI Score
0.008EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7, which is used by the desktop version of IBM Process Designer in both IBM Business Automation Workflow and IBM Business Process Manager. IBM Process Designer has addressed the applicable CVEs. Vulnerability...
3.7CVSS
5.5AI Score
0.003EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8, which is used by the desktop version of IBM Process Designer in both IBM Business Automation Workflow and IBM Business Process Manager. IBM Process Designer has addressed the applicable CVEs. Vulnerability...
5.9CVSS
5.3AI Score
0.002EPSS
Summary A vulnerability exists in IBM® Runtime Environment Java™ Versions 6 and 7 used by the desktop version of IBM Process Designer. IBM Process Designer has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-4732 DESCRIPTION: IBM SDK, Java Technology Edition Version could...
6.5CVSS
6.7AI Score
0.0004EPSS
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. Information about a security vulnerability affecting IBM® SDK, Java™ Technology Edition has been published in a security...
3.1CVSS
6.4AI Score
0.001EPSS
Summary A vulnerability exists in IBM® Runtime Environment Java™ Versions 7 and 8 used by IBM Integration Designer. IBM Integration Designer has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerability in Java SE could allow an...
6.8CVSS
6.3AI Score
0.004EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6 and 7 used by IBM Process Designer. IBM Process Designer has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-3139 DESCRIPTION: An unspecified vulnerability related to the Java SE Networking...
5.6CVSS
9.5AI Score
0.018EPSS
Summary A vulnerability exists in IBM® Runtime Environment Java™ Versions 6 and 7 used by the desktop version of IBM Process Designer. IBM Process Designer has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerability in Java SE could allow....
6.8CVSS
6.4AI Score
0.004EPSS
Security Bulletin: CVE-2021-41041 may affect IBM® SDK, Java™ Technology Edition
Summary CVE-2021-41041 was addressed in Eclipse OpenJ9 version 0.32 Vulnerability Details CVEID: CVE-2021-41041 DESCRIPTION: Eclipse OpenJ9 could allow a remote attacker to bypass security restrictions, caused by failing to throw the exception captured during bytecode verification when...
5.3CVSS
0.7AI Score
0.001EPSS
A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities
This blog entry details how Trend Micro Cloud One™ – Workload Security and Trend Micro Vision One™ effectively detected and blocked the abuse of the CVE-2020-14882 WebLogic vulnerability in affected...
9.8CVSS
4AI Score
0.975EPSS
Microsoft Patch Tuesday Summary Microsoft has fixed 63 vulnerabilities (aka flaws) in the September 2022 update, including five (5) vulnerabilities classified as Critical as they allow Remote Code Execution (RCE). This month's Patch Tuesday fixes two (2) zero-day vulnerabilities, with one (1)...
9.8CVSS
0.9AI Score
0.974EPSS
In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error and causes Routinator to exit. Worst case impact of this vulnerability is denial of service for...
7.5CVSS
7.5AI Score
0.001EPSS
0.3AI Score
Security Bulletin: A vulnerability in IBM Java Runtime affects TXSeries for Multiplatforms
Summary TXSeries for Multiplatforms has addressed the following vulnerabilities reported by IBM® Runtime Environment Java™ Vulnerability Details CVEID: CVE-2022-22475 DESCRIPTION: IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity...
6.5CVSS
6.5AI Score
0.001EPSS
0.3AI Score
ETAP Safety Manager 1.0.0.32 Remote Unauthenticated Reflected XSS
Title: ETAP Safety Manager 1.0.0.32 Remote Unauthenticated Reflected XSS Advisory ID: ZSL-2022-5711 Type: Local/Remote Impact: Cross-Site Scripting Risk: (4/5) Release Date: 11.09.2022 Summary The ETAP Safety Manager (ESM) is a central managing and control system that helps you to monitor,...
6.5AI Score
Open Policy Agent (OPA) is an open source, general-purpose policy engine. The Rego compiler provides a (deprecated) WithUnsafeBuiltins function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the....
9.8CVSS
9.3AI Score
0.002EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in July 2022. These issues are addressed by WebSphere Application Server shipped with WebSphere...
5.3CVSS
6.4AI Score
0.002EPSS
Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere Application Server (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled by default in IBM WebSphere Application Server. These fixes will disable SSLv3 completely. Vulnerability Details CVE ID: CVE-2014-3566...
3.4CVSS
3.9AI Score
0.975EPSS
One Microsoft manager’s entrepreneurial vision for multicloud identity and access
In July 2021, Microsoft acquired CloudKnox, a leader in cloud infrastructure entitlement management (CIEM). Over the past two years, I’ve had the pleasure of getting to know the founder and chief executive officer (CEO), Balaji Parimi, who is now the Partner General Manager of Permissions...
-0.5AI Score
4 Key Takeaways from "XDR is the Perfect Solution for SMEs" webinar
Cyberattacks on large organizations dominate news headlines. So, you may be surprised to learn that small and medium enterprises (SMEs) are actually more frequent targets of cyberattacks. Many SMEs understand this risk firsthand. In a recent survey, 58% of CISOs of SMEs said that their risk of...
-0.2AI Score
Summary Vulnerabilities in IBM® Runtime Environment Java™ were disclosed as part of the IBM Java SDK updates in April 2022. IBM® Runtime Environment Java™ is used by IBM Spectrum Scale and may be affected by the below vulnerabilities (CVEs). Vulnerability Details CVEID: CVE-2022-21496 ...
5.3CVSS
6AI Score
0.001EPSS
Imperva Is a Magic Quadrant Leader for Web Application and API Protection (again)
With the summer coming to a close we are now entering into “Magic Quadrant” season for the application security market and this means the latest edition of the 2022 Gartner® Magic Quadrant for Web and API Protection. Well, we are pleased with the result because once again Imperva has been...
0.1AI Score
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...
5.3CVSS
6.1AI Score
0.002EPSS
Summary Vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, affect IBM Workload Scheduler. These issues were disclosed as part of the Oracle January 2022 Critical Patch Update. These vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2022-21365 DESCRIPTION:...
5.3CVSS
5.6AI Score
0.002EPSS