BD Pyxis™ MedBank Security Vulnerabilities

Security Bulletin: IBM WebSphere Business Services Fabric – Information regarding security vulnerability in IBM SDK for Java, which shipped with IBM WebSphere Application Server and addressed by Oracle CPU June 2013

Abstract Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server and is included in IBM WebSphere Business Services Fabric. Content **VULNERABILITY DETAILS: ** **DESCRIPTION: ** This Security Bulletin addresses the security...

Security Bulletin: IBM WebSphere Business Services Fabric Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)

Abstract Java™ API Documentation contains a frame injection vulnerability. Content **VULNERABILITY DETAILS: ** CVEID: CVE-2013-1571 DESCRIPTION: HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to...

Security Bulletin: Multiple vulnerabilities in Product IMS Enterprise Suite SOAP Gateway (CVE-2012-5785, CVE-2013-0483)

Abstract IMS™ Enterprise Suite SOAP Gateway V1.1, V2.1, and V2.2 security vulnerabilities in SSL connections and login processes. Content Security Bulletin: Multiple vulnerabilities exist in IMS Enterprise Suite SOAP Gateway (CVE-2012-5785, CVE-2013-0483) SUMMARY: IMS™ Enterprise Suite SOAP...

Security Bulletin: IBM MessageSight Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)

Abstract Java™ API Documentation contains a frame injection vulnerability. Content VULNERABILITY DETAILS CVEID CVE-2013-1571 DESCRIPTION HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to the...

Security Bulletin: Information regarding security vulnerability in IBM SDK for Java, which shipped with IBM WebSphere Application Server and is addressed by Oracle CPU June 2013

Abstract Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server and is included in the referenced products. Content **VULNERABILITY DETAILS: ** **DESCRIPTION: ** This Security Bulletin addresses the security vulnerabilities that have...

Security Bulletin: Multiple vulnerabilities in IBM DB2 Performance Expert and IBM InfoSphere Optim Performance Manager due to vulnerabilities in IBM Java Runtime Environment (CVE-2012-1720, CVE-2012-5081).

Abstract DB2® Performance Expert and InfoSphere® Optim™ Performance Manager use the IBM® Java™ Runtime Environment (JRE) and might be affected by vulnerabilities in the IBM JRE. Content VULNERABILITY DETAILS: CVE ID: CVE-2012-1720 DESCRIPTION: An unspecified vulnerability in the JRE...

Security Bulletin: Open Redirect and Cross-Site Scripting Vulnerabilities in IMS Enterprise Suite Explorer for Development Help System

Abstract IMS™ Explorer for Development bundles the IBM® Eclipse Help System (IEHS) which has a security vulnerability. Content SUMMARY: IMS Explorer for Development bundles the IBM Eclipse Help System (IEHS) which has a security vulnerability. VULNERABILITY DETAILS: CVE ID: CVE-2012-2159 ...

Security Bulletin: Multiple GSKit Vulnerabilities in IBM DB2 (CVE-2012-2190, CVE-2012-2191, CVE-2012-2203).

Abstract GSKit is an IBM product that is used by IBM DB2 for SSL support. The GSKit that is shipped with DB2 contains multiple security vulnerabilities. By default, DB2 does not use SSL for client-server communication and therefore, this vulnerability affects DB2 only if SSL is enabled. Content...

Security Bulletin: DB2 Escalation of Privilege Vulnerability (CVE-2011-4061)

Abstract The IBM Tivoli Monitoring Agent shipped with IBM DB2 V9.5 and V9.7 products contains an escalation of privilege vulnerability. Content VULNERABILITY DETAILS CVE ID: CVE-2011-4061 DESCRIPTION: The IBM DB2 products listed below bundle IBM Tivoli Monitoring Agent (ITMA), provided for...

Security Bulletin: IBM DB2 Security Vulnerability in SQLJ.DB2_INSTALL_JAR (CVE-2012-2194).

Abstract Vulnerability in IBM DB2 could allow an authenticated user, without proper authorization, to overwrite JAR files. Content VULNERABILITY DETAILS CVE ID: CVE-2012-2194 DESCRIPTION: The IBM DB2 products listed below contain a security vulnerability that could allow an authenticated...

Security Bulletin: Buffer Overflow Vulnerability in IBM DB2 Java Stored Procedure Infrastructure (CVE-2012-2197).

Abstract Vulnerability in IBM DB2 could allow an authenticated user to cause a stack-based buffer overflow and possibly attain remote code execution. Content VULNERABILITY DETAILS CVE ID: CVE-2012-2197 DESCRIPTION: The IBM DB2 products listed below contain a security vulnerability that could...

Security Bulletin: XML File Disclosure Vulnerability in IBM DB2 GET_WRAP_CFG_C and GET_WRAP_CFG_C2 (CVE-2012-2196).

Abstract Vulnerability in IBM DB2 could allow an authenticated user, without proper authorization, to read XML files. Content VULNERABILITY DETAILS CVE ID: CVE-2012-2196 DESCRIPTION: The IBM DB2 products listed below contain a security vulnerability that could allow an authenticated user,...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2022-21496, CVE-2022-21299)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Watson Explorer and Watson Explorer Content Analytics Studio. Watson Explorer and Watson Explorer Content Analytics Studio have addressed the applicable CVEs. Vulnerability Details ** CVEID:...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5, 6, 7, and 8** that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions (including Maximo for Government,...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6, 7, and 8** that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Asset Management Essentials, Maximo Industry Solutions...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5, 6, and 7** that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions (including Maximo for Government, Maximo.....

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5, 6, and 7** that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions (including Maximo for Government, Maximo.....

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5, 6, and 7** that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions (including Maximo for Government, Maximo.....

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6, 7, and 8** that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Asset Management Essentials, Maximo Industry Solutions...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5, 6, 7, and 8** that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions (including Maximo for Government,...

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor (CVE-2017-3737 CVE-2017-3738)

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Process Manager includes a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2017-3737 DESCRIPTION: OpenSSL could allow a...

Security Bulletin: Multiple vulnerabilities in the IBM SDK for Java™ Technology Edition January 2015 CPU affect WebSphere Process Server

Summary There are multiple vulnerabilities in IBM SDK for Java™ Technology Edition that is used by WebSphere Process Server. These issues were disclosed as part of the IBM SDK for JavaTechnology Edition updates in January 2015. Vulnerability Details CVEID: CVE-2014-3566 DESCRIPTION: Multiple...

Security Bulletin: Multiple vulnerabilities in the IBM SDK for Java™ Technology Edition April 2015 CPU affect WebSphere Process Server

Summary There are multiple vulnerabilities in IBM SDK for Java™ Technology Edition that is used by WebSphere Process Server. These issues were disclosed as part of the IBM SDK for Java Technology Edition updates in April 2015. Vulnerability Details CVEID: CVE-2015-0488 DESCRIPTION: An unspecified.....

Security Bulletin: Information regarding security vulnerability in IBM SDK for Java that is shipped with IBM WebSphere Application Server and addressed by Oracle CPU October 2013

Summary Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server and included in the products that are listed in this document. Vulnerability Details The products that are listed in the Affected product section are shipped with a version....

Security Bulletin: Information regarding security vulnerability in IBM SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server and addressed by Oracle CPU January 2014

Summary Multiple security vulnerabilities exist in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server and included in the products that are listed in this document. Vulnerability Details The affected products are shipped with a version of IBM WebSphere...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer in IBM Business Automation Workflow and IBM Business Process Manager

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7, which is used by the desktop version of IBM Process Designer in both IBM Business Automation Workflow and IBM Business Process Manager. IBM Process Designer has addressed the applicable CVEs. Vulnerability...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer in IBM Business Automation Workflow and IBM Business Process Manager

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8, which is used by the desktop version of IBM Process Designer in both IBM Business Automation Workflow and IBM Business Process Manager. IBM Process Designer has addressed the applicable CVEs. Vulnerability...

Security Bulletin: CVE-2019-4732 vulnerabilitiy in IBM Java Runtime affects IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager

Summary A vulnerabilitiy exists in IBM® Runtime Environment Java™ Versions 6 and 7 used by the desktop version of IBM Process Designer. IBM Process Designer has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-4732 DESCRIPTION: IBM SDK, Java Technology Edition Version could...

Security Bulletin: A vulnerability has been identified in IBM® SDK, Java™ Technology Edition shipped with IBM Digital Business Automation Workflow family products (CVE-2021-2341)

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. Information about a security vulnerability affecting IBM® SDK, Java™ Technology Edition have been published in a security...

Security Bulletin: CVE-2019-2989 vulnerabilitiy in IBM Java Runtime affects IBM Integration Designer used in IBM Business Automation Workflow and IBM Business Process Manager

Summary A vulnerabilitiy exists in IBM® Runtime Environment Java™ Versions 7 and 8 used by IBM Integration Designer. IBM Integration Designer has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerability in Java SE could allow an...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer used in IBM Business Automation Workflow, IBM Business Process Manager, and IBM WebSphere Lombardi Edition

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6 and 7used by IBM Process Designer. IBM Process Designer has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2018-3139 DESCRIPTION:An unspecified vulnerability related to the Java SE Networking...

Security Bulletin: CVE-2019-2989 vulnerabilitiy in IBM Java Runtime affects IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager

Summary A vulnerabilitiy exists in IBM® Runtime Environment Java™ Versions 6 and 7 used by the desktop version of IBM Process Designer. IBM Process Designer has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerability in Java SE could allow....

Security Bulletin: CVE-2021-41041 may affect IBM® SDK, Java™ Technology Edition

Summary CVE-2021-41041 was addressed in Eclipse OpenJ9 version 0.32 Vulnerability Details ** CVEID: CVE-2021-41041 DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by failing to throw the exception captured during bytecode verification when...

A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities

This blog entry details how Trend Micro Cloud One™ – Workload Security and Trend Micro Vision One™ effectively detected and blocked the abuse of the CVE-2020-14882 WebLogic vulnerability in affected...

September 2022 Patch Tuesday | Microsoft Releases 63 Vulnerabilities with 5 Critical, plus 16 Microsoft Edge (Chromium-Based); Adobe Releases 7 Advisories, 63 Vulnerabilities with 35 Critical.

Microsoft Patch Tuesday Summary Microsoft has fixed 63 vulnerabilities (aka flaws) in the September 2022 update, including five (5) vulnerabilities classified as Critical as they allow Remote Code Execution (RCE). This month's Patch Tuesday fixes two (2) zero-day vulnerabilities, with one (1)...

Design/Logic Flaw

In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error and causes Routinator to exit. Worst case impact of this vulnerability is denial of service for...

ESM ETAP Safety Manager 1.0.0.32 Cross Site Scripting Vulnerability

...

Security Bulletin: A vulnerability in IBM Java Runtime affects TXSeries for Multiplatforms

Summary TXSeries for Multiplatforms has addressed the following vulnerabilities reported by IBM® Runtime Environment Java™ Vulnerability Details ** CVEID: CVE-2022-22475 DESCRIPTION: **IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity...

ETAP Safety Manager 1.0.0.32 Cross Site Scripting

...

ETAP Safety Manager 1.0.0.32 Remote Unauthenticated Reflected XSS

Title: ETAP Safety Manager 1.0.0.32 Remote Unauthenticated Reflected XSS Advisory ID: ZSL-2022-5711 Type: Local/Remote Impact: Cross-Site Scripting Risk: (4/5) Release Date: 11.09.2022 Summary The ETAP Safety Manager (ESM) is a central managing and control system that helps you to monitor,...

Design/Logic Flaw

Open Policy Agent (OPA) is an open source, general-purpose policy engine. The Rego compiler provides a (deprecated) WithUnsafeBuiltins function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the....

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Service Registry and Repository due to July 2022 CPU plus deferred CVE-2021-2163

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in July 2022. These issues are addressed by WebSphere Application Server shipped with WebSphere...

Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere Application Server (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled by default in IBM WebSphere Application Server. These fixes will disable SSLv3 completely. Vulnerability Details CVE ID: CVE-2014-3566...

One Microsoft manager’s entrepreneurial vision for multicloud identity and access

In July 2021, Microsoft acquired CloudKnox, a leader in cloud infrastructure entitlement management (CIEM). Over the past two years, I’ve had the pleasure of getting to know the founder and chief executive officer (CEO), Balaji Parimi, who is now the Partner General Manager of Permissions...

One Microsoft manager’s entrepreneurial vision for multicloud identity and access

In July 2021, Microsoft acquired CloudKnox, a leader in cloud infrastructure entitlement management (CIEM). Over the past two years, I’ve had the pleasure of getting to know the founder and chief executive officer (CEO), Balaji Parimi, who is now the Partner General Manager of Permissions...

4 Key Takeaways from "XDR is the Perfect Solution for SMEs" webinar

Cyberattacks on large organizations dominate news headlines. So, you may be surprised to learn that small and medium enterprises (SMEs) are actually more frequent targets of cyberattacks. Many SMEs understand this risk firsthand. In a recent survey, 58% of CISOs of SMEs said that their risk of...

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Scale (CVE-2022-21496, CVE-2022-21434, CVE-2022-21443)

Summary Vulnerabilities in IBM® Runtime Environment Java™ were disclosed as part of the IBM Java SDK updates in April 2022. IBM® Runtime Environment Java™ is used by IBM Spectrum Scale and may be affected by the below vulnerabilities (CVEs). Vulnerability Details ** CVEID: CVE-2022-21496 ...

Imperva Is a Magic Quadrant Leader for Web Application and API Protection (again)

With the summer coming to a close we are now entering into “Magic Quadrant” season for the application security market and this means the latest edition of the 2022 Gartner® Magic Quadrant for Web and API Protection. Well, we are pleased with the result because once again Imperva has been...

Security Bulletin: Vulnerability in IBM® Java SDK affects IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2022 CPU plus deferred CVE-2021-2163

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, affect IBM Workload Scheduler.

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, affect IBM Workload Scheduler. These issue's were disclosed as part of the Oracle January 2022 Critical Patch Update. These vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2022-21365 DESCRIPTION:...