BD Pyxis™ MedBank Security Vulnerabilities

Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearCase ( CVE-2021-35578, CVE-2021-35603, CVE-2021-35550, CVE-2021-35561, CVE-2022-21299 )

Summary There are vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which is used by IBM Rational ClearCase. These issues were disclosed as part of the IBM Java SDK updates in October 2021 and January 2022. Vulnerability Details ** CVEID: CVE-2021-35578 DESCRIPTION: **An...

BSA-2022-2012

Security Advisory ID : BSA-2022-2012 Component : Brocade Fabric OS Revision : 1.1: Final ** Brocade has received a report from Black Lantern Security of a potential Privileged Directory Traversal vulnerability on Brocade Fabric OS: v7.4.1b, v7.3.1d stating that: “From within the restricted...

4 Key Statistics to Build a Business Case for an MDR Partner

From one person to the next, the word “impact” may have wildly different connotations. Is the word being used in a positive or negative sense? For an understaffed security organization attempting to fend off attacks and plug vulnerabilities, the impact of all of that work is most likely negative:.....

Security Bulletin: Multiple vulnerabilities have been identified in IBM SDK, Java Technology Edition shipped with IBM Robotic Process Automation

Summary IBM SDK, Java Technology Edition is shipped as a component of IBM Robotic Process Automation. Information about a security vulnerabilities affecting IBM SDK, Java Technology Edition have been published in a security bulletins. Vulnerability Details ** CVEID: CVE-2022-21365 DESCRIPTION:...

Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM QRadar SIEM

Summary A vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by IBM QRadar SIEM. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2022-21341 DESCRIPTION: **An unspecified vulnerability in Java SE...

How Microsoft Security partners are helping customers do more with less

There has never been a greater demand for specialized cybersecurity expertise—or a greater opportunity for our partners to support our customers with new services and solutions. Over the last year, the permanent shift to hybrid work has empowered businesses to be remote and mobile. Increased...

How Microsoft Security partners are helping customers do more with less

There has never been a greater demand for specialized cybersecurity expertise—or a greater opportunity for our partners to support our customers with new services and solutions. Over the last year, the permanent shift to hybrid work has empowered businesses to be remote and mobile. Increased...

How to ‘Win’ a Red Team Exercise

What is a red team exercise? Organizations that conduct red team exercises use penetration testing tactics to assess vulnerabilities and discover weak points in their cybersecurity preparation. Usually, this involves two teams - one red (the protagonists) and one blue (the incident responders who.....

CVE-2021-26384

A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of...

CVE-2021-26382

An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of...

Security Bulletin: IBM® Java™ SDK Technology Edition, Oct 2021, affects IBM Security Verify Governance, Identity Manager virtual appliance component

Summary There are multiple vulnerabilities in IBM® Java™ SDK Technology Edition, Oct 2021, used by IBM Security Verify Governance, Identity Manager virtual appliance component. IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the applicable CVEs....

Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities due to the consumed Expat library

Summary IBM® Db2® is affected by multiple vulnerabilities due to the consumed Expat library leading to a denial of service or arbitrary code execution. Vulnerability Details ** CVEID: CVE-2022-25313 DESCRIPTION: **libexpat is vulnerable to a denial of service, caused by stack exhaustion in...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service (CVE-2022-22389)

Summary IBM® Db2® is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. Vulnerability Details ** CVEID: CVE-2022-22389 DESCRIPTION: **IBM Db2 is vulnerable to a denial of service as the server may...

AMD CPU Branch Type Confusion

Bulletin ID: AMD-SB-1037 Potential Impact: Information disclosure, arbitrary speculative code execution Severity:Medium Summary This security bulletin addresses two issues related to CVE-2017-5715 previously known as Spectre Variant 2. As part of our efforts to continue improving security...

Rapid7 MDR Reduced Breaches by 90% via Greater Efficiency to Detect, Investigate, Respond to, and Remediate Breaches

When a security operations center (SOC) is operating at a deficit, they increase the possibility of beach reductions. That is, the likelihood they won’t be able to travel to any beaches – or any vacation destinations whatsoever – anytime in the near future. That can lead to burnout, which can lead....

Security Bulletin: Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus. These were disclosed as part of the IBM Java SDK updates in July 2021, October 2021 and January 2022. Vulnerability Details ** CVEID: CVE-2021-35550 ...

The Benefits of Including Static Data Masking in Your Security Arsenal

Static data masking (SDM) is defined as, “The act of permanently replacing sensitive data at rest with a realistic fictional equivalent for the purpose of protecting data from unwanted disclosure.” Industry analysts characterize SDM as a must-have data protection layer capable of protecting large.....

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - April 2022 - Includes Oracle April 2022 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7, and 8** that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for...

Security Bulletin: A security vulnerability has been identified in in IBM Java SDK shipoped with IBM Tivoli Netcool Impact (CVE-2021-35603)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2021-35603 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE.....

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact (CVE-2022-21496, CVE-2022-21434, CVE-2022-21443)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. These issues were disclosed in the Oracle April 2022 Critical Patch Update, minus CVE-2022-21426 Vulnerability.....

Security Bulletin: A security vulnerability has been identified in in IBM Java SDK shipoped with IBM Tivoli Netcool Impact (CVE-2021-35561)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVE. This issue was disclosed in the Oracle October 2021 Critical Patch Update. Vulnerability Details ** CVEID:...

Security Bulletin: A security vulnerability has been identified in in IBM Java SDK shipoped with IBM Tivoli Netcool Impact (CVE-2022-21299)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVE. This issue was disclosed in the Oracle January 2022 Critical Patch Update. Vulnerability Details ** CVEID:...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2022-21496 DESCRIPTION:.....

Security Bulletin: A security vulnerability has been identified in in IBM Java SDK shipoped with IBM Tivoli Netcool Impact (CVE-2021-35550)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVE. This issue was disclosed in the Oracle January 2022 Critical Patch Update. Vulnerability Details CVEID: CVE-2021-35550...

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2021-35550, CVE-2021-35603)

Summary Vulnerabilities in IBM® Runtime Environment Java™ were disclosed as part of the IBM Java SDK updates in October 2021. IBM® Runtime Environment Java™, used by IBM Spectrum Protect Operations Center and Client Management Service, may be affected by the below vulnerabilities (CVEs)....

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Server (CVE-2021-35550, CVE-2021-35603)

Summary Vulnerabilities in IBM® Runtime Environment Java™ were disclosed as part of the IBM Java SDK updates in October 2021. IBM® Runtime Environment Java™ is used by IBM Spectrum Protect Server and may be affected by the below vulnerabilities (CVEs). Vulnerability Details ** CVEID:...

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments (CVE-2021-35550, CVE-2021-35603)

Summary Vulnerabilities in IBM® Runtime Environment Java™ were disclosed as part of the IBM Java SDK updates in October 2021. IBM® Runtime Environment Java™ is used by IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2022-21365 DESCRIPTION: **An unspecified vulnerability in Java SE related...

Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 - October 2021 & January 2022

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, as used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in October 2021 and January 2022. IBM Virtualization Engine TS7700 has addressed the applicable...

Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8* that are used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates in October 2021. IBM 8 Fix SR7 FP5 (8.0.7.5). Vulnerability Details ** CVEID: CVE-2022-21365 ...

Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8* that are used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates in October 2021. IBM 8 Fix SR7 FP5 (8.0.7.5). Vulnerability Details ** CVEID: CVE-2021-35550 ...

Five Ways the Gaming & Gambling Industry is Targeted by Bad Bots

Let’s play a game of chance: What are the odds that your gaming website is being targeted by bad bots? Imperva research suggests they’re higher than you may think. Imperva’s 2022 Bad Bot Report reveals that 53.9 percent of traffic to gaming and gambling websites comes from bad bots. With the...

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an unspecified vulnerability due to IBM Java Runtime (CVE-2021-35603)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 7 and 8 used by Install Agent and Integrated File Agent in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE. Vulnerability Details **...

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an unspecified vulnerability due to IBM Java Runtime (CVE-2021-35550)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 7 and 8 used by Install Agent and Integrated File Agent in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE. Vulnerability Details **...

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 7 and 8 and IBM® Runtime Environment Java™ Version 7 and 8 used by Rational Business Developer. Rational Business Developer has provided a fix for the applicable CVE. This issue was disclosed as part of the IBM Java SDK....

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and 8 and IBM® Runtime Environment Java™ Version 7 and 8 used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of...

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 7 and 8 and IBM® Runtime Environment Java™ Version 7 and 8 used by Rational Business Developer. Rational Business Developer has provided a fix for the applicable CVE. This issue was disclosed as part of the IBM Java SDK....

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by WebSphere eXtreme Scale. Vulnerability Details ** CVEID: CVE-2020-14779 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated...

Security Bulletin: Java Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2019-10241, CVE-2019-10246 & CVE-2019-10247)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM Sterling Connect:Direct Browser User Interface. These issues were disclosed as part of the IBM Java SDK updates in May 2018 and Jetty Server update in May 2019. Vulnerability...

Security Bulletin: Java Vulnerability Affects IBM Connect:Direct Web Services (CVE-2018-1890)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM Connect:Direct Web Services. These issues were disclosed as part of the IBM Java SDK updates in March 2019 Vulnerability Details CVE-ID: CVE-2018-1890 Description:On the AIX...

Security Bulletin: Multiple Java Vulnerabilities Affect IBM Connect:Direct Web Services

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM Connect:Direct Web Services. These issues were disclosed as part of the IBM Java SDK updates in May 2019 Vulnerability Details CVE-ID: CVE-2019-10246 Description: Eclipse.....

Security Bulletin: Java Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2018-2783)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM Sterling Connect:Direct Browser User Interface. These issues were disclosed as part of the IBM Java SDK updates in April 2018. Vulnerability Details CVEID: CVE-2018-2783...

Security Bulletin: Java Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2018-1656)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM Sterling Connect:Direct Browser User Interface. These issues were disclosed as part of the IBM Java SDK updates in Sep 2018. Vulnerability Details CVEID: CVE-2018-1656 DESCRIPTION:.....

Rapid7 MDR Delivered 549% ROI via Headcount Avoidance, Time Savings, and Breach Risk Reduction

In-house security organizations these days are operating at an extreme deficit. Skeleton crews are running entire security operations centers (SOCs). A constant barrage of alerts is making it difficult for these teams to detect and investigate every alert and stay ahead of today’s evolving...

Security Bulletin: CVE-2021-35603 may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications

Summary CVE-2021-35603 was disclosed as part of the Oracle October 2021 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2021-35603 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive...

Security Bulletin: CVE-2020-35550 may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications

Summary CVE-2021-35550 was disclosed as part of the Oracle October 2021 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2021-35550 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive...

Security Bulletin: June 2022 : Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7.0, 7.1 and 8.0 used by CICS Transaction Gateway. CICS Transaction Gateway has addressed a CVE that could allow an unauthenticated attacker to cause a denial of service and two CVEs that could allow an...

Security Bulletin: A vulnerability (CVE-2022-21299) in IBM Java Runtime affects CICS Transaction Gateway

Summary IBM® Runtime Environment Java™ Versions 7.0, 7.1 and 8.0 is used by CICS Transaction Gateway. The fix removes vulnerability CVE-2022-21299 that could allow an unauthenticated attacker to cause a denial of service. Vulnerability Details ** CVEID: CVE-2022-21299 DESCRIPTION: **An...

Security Bulletin: A vulnerability (CVE-2021-35603) in IBM Java Runtime affects CICS Transaction Gateway

Summary IBM® Runtime Environment Java™ Versions 7.0, 7.1 and 8.0 is used by CICS Transaction Gateway. The fix removes vulnerability CVE-2021-35603 that can allow an unauthenticated attacker to obtain sensitive information. Vulnerability Details ** CVEID: CVE-2021-35603 DESCRIPTION: **An...

Security Bulletin: A vulnerability (CVE-2021-35561) in IBM Java Runtime affects CICS Transaction Gateway

Summary IBM® Runtime Environment Java™ Versions 7.0, 7.1 and 8.0 is used by CICS Transaction Gateway. The fix removes vulnerability CVE-2021-35561 that can allow an unauthenticated attacker to cause a denial of service. Vulnerability Details ** CVEID: CVE-2021-35561 DESCRIPTION: **An unspecified...