BD Pyxis™ MedBank Security Vulnerabilities

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in Oct 2023. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in...

Security Bulletin: Vulnerabilities in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise...

Security Bulletin: Vulnerability in IBM® SDK, Java™ Technology Edition may affect IBM Operations Analytics Predictive Insights

Summary IBM Operations Analytics Predictive Insights uses BM® SDK, Java™ Technology Edition, and vulnerability CVE-2022-40609 may expose Java process to a variety of malicious attacks Vulnerability Details ** CVEID: CVE-2022-40609 DESCRIPTION: **IBM SDK, Java Technology Edition 7.1.5.18 and...

CVE-2023-5058

Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code...

CVE-2023-5058

Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code...

Input validation

Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM System Networking Switch Center (SNSC)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM System Networking Switch Center (SNSC). These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018. Vulnerability Details VEID: CVE-2018-2579 DESCRIPTION: An...

CVE-2023-5058

Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code...

Integrated DFIR Tool Can Simplify and Accelerate Cyber Forensics

Explore real use cases demonstrating the transformative impact of Trend Vision One™ – Forensics, an integrated Digital Forensics and Incident Response (DFIR)...

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to remote attack due to IBM Java SDK (CVE-2023-22045, CVE-2023-22049)

Summary IBM® SDK Java™ Technology Edition is shipped as a component of IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable issues, CVE-2023-22045 and CVE-2023-22049 Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION: **An unspecified vulnerability in Java SE...

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted XML query statement (CVE-2023-38728)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted XML query statement. Vulnerability Details ** CVEID: CVE-2023-38728 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted XML query...

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library (CVE-2023-33850)

Summary IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library. Vulnerability Details ** CVEID: CVE-2023-33850 DESCRIPTION: **IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the...

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted ALTER TABLE statement (CVE-2023-38720)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted ALTER TABLE statement. Vulnerability Details ** CVEID: CVE-2023-38720 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted ALTER...

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query (CVE-2023-30991)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query. Vulnerability Details ** CVEID: CVE-2023-30991 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query. CVSS Base score:...

Security Bulletin: IBM® Db2® is vulnerable to denial of service via a specially crafted query on certain databases. (CVE-2023-30987)

Summary IBM® Db2® is vulnerable to denial of service via a specially crafted query on certain databases. Vulnerability Details ** CVEID: CVE-2023-30987 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a...

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query containing common table expressions (CVE-2023-40373)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query containing common table expressions. Vulnerability Details ** CVEID: CVE-2023-40373 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a...

Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM® Db2® (CVE-2022-40609)

Summary There was a vulnerability in IBM® Runtime Environment Java™ Version 7.1.5.18 and earlier, 8.0.8.4 and earlier used by IBM® Db2®. Vulnerability Details ** CVEID: CVE-2022-40609 DESCRIPTION: **IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted SQL statement (CVE-2023-38740)

Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted SQL statement. Vulnerability Details ** CVEID: CVE-2023-38740 DESCRIPTION: **IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) is vulnerable to a denial of service with a specially crafted SQL...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (Apr 2023 CPU)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.1.5.17 and earlier, 8.0.8.4 and earlier used by IBM® Db2®. These issues were disclosed as part of the IBM Java SDK updates in April 2023. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An...

Forrester names Microsoft Intune a Leader in the 2023 Forrester Wave™ for Unified Endpoint Management

Maintaining a secure and optimized digital environment allows new ideas to flourish wherever they occur. In the modern workplace, where devices and locations are no longer fixed, Microsoft Intune eases the task of managing and protecting the endpoints of businesses everywhere. It helps secure...

Forrester names Microsoft Intune a Leader in the 2023 Forrester Wave™ for Unified Endpoint Management

Maintaining a secure and optimized digital environment allows new ideas to flourish wherever they occur. In the modern workplace, where devices and locations are no longer fixed, Microsoft Intune eases the task of managing and protecting the endpoints of businesses everywhere. It helps secure...

Wallarm to Unveil New API Security Solution and Strategic Shift at Black Hat Europe 2023

If you're involved with cybersecurity and are based in Europe, then Black Hat Europe 2023 in London, December 6 and 7 is a must-attend event. Wallarm, the experts in API and Application Security, will be attending the event, and we're excited to connect with you. If you are planning to attend,...

What is SSL VPN?

Deciphering SSL VPN: An In-depth Perspective Pivoting our lens towards data in this digital era, akin to the transition observed during the oil boom, we've realized that the fodder for importance today is safeguarding data while it voyages through global networks. SSL VPN (Secure Sockets Layer...

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to a remote attacker causing integrity impacts due to the libraries component (CVE-2023-22049).

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to a remote attacker causing a low integrity impact due to an unspecified vulnerability in the libraries component as described in the vulnerability details section. The vulnerability is fixed....

RenderDoc: Multiple Vulnerabilities

Background RenderDoc is a free MIT licensed stand-alone graphics debugger that allows quick and easy single-frame capture and detailed introspection of any application using Vulkan, D3D11, OpenGL & OpenGL ES or D3D12 across Windows, Linux, Android, or Nintendo Switch™. Description Multiple...

Microsoft named a Leader in 2023 Gartner® Magic Quadrant™ for Access Management for the 7th year​​

Protecting identity from compromise is top of mind for security professionals as identity attacks continue to intensify. Earlier this year we reported that we had observed a nearly three-fold increase in password attacks per second in the last two years, from 579 in 2021 to 4,000 in 2023.1...

Microsoft named a Leader in 2023 Gartner® Magic Quadrant™ for Access Management for the 7th year​​

Protecting identity from compromise is top of mind for security professionals as identity attacks continue to intensify. Earlier this year we reported that we had observed a nearly three-fold increase in password attacks per second in the last two years, from 579 in 2021 to 4,000 in 2023.1...

Intel Optane™ SSD Firmware November 2023 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® Optane™ SSD and some Intel® Optane™ SSD DC products, which might allow escalation of privilege, information disclosure or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. .....

AMD Ryzen Master™ SDK August 2023 Security Update

AMD has informed HP of potential security vulnerabilities identified in the AMD® Ryzen Master™ SDK, which might allow arbitrary code execution, denial of service, or information disclosure. AMD has released software updates to mitigate the potential vulnerabilities. AMD has released updates to...

container-tools:ol8 security and bug fix update

aardvark-dns [2:1.7.0-1] - update to https://github.com/containers/aardvark-dns/releases/tag/v1.7.0 - Related: #2176055 [2:1.6.0-1] - update to https://github.com/containers/aardvark-dns/releases/tag/v1.6.0 - Related: #2176055 buildah [1:1.31.3-1] - update to...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to the October 2023 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...

What Is Multi-Homing?

Decoding the Term: Deciphering the Significance of Multi-Homing? The term multi-homing, in the realm of computer networking, finds itself surrounded by considerable confusion owing to its multifaceted technical nuances. Nevertheless, it stands as a pillar of network security and dependability....

Security Bulletin: IBM Planning Analytics is affected by vulnerabilities in IBM Java, IBM Websphere Application Server Liberty and IBM GSKit

Summary There are vulnerabilities in IBM® Java™ Version 8, IBM WebSphere Application Server Liberty and IBM® Global Security Kit (GSKit) used by IBM Planning Analytics and IBM Planning Analytics Workspace. IBM Planning Analytics 2.0.9.19 and IBM Planning Analytics Workspace 2.0.91 have addressed...

What is a Network Management Station (NMS) ?

The Bedrock of the Network Coordination Hub (NCH) Delving into the substantial domain of digital networks, the Network Coordination Hub (NCH) is unveiled as a critical component ensuring fluid network operations. Let us unravel this concept - an NCH signifies a control console employed for...

What Is Microservices Architecture

Mastering the Essential Elements of Services-Focused Programming The methodology of programming using tiny, interdependent software units, often simplified to 'Microservices', has seen a marked uptick in usage in recent times. This distinct architectural paradigm shapes an application as a group...

CVE-2023-31100

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203 from 4.3.1.0 before 4.3.1.163 * from 4.4.0.0 before 4.4.0.217 * from 4.5.0.0 before...

CVE-2023-31100

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203 from 4.3.1.0 before 4.3.1.163 * from 4.4.0.0 before 4.4.0.217 * from 4.5.0.0 before...

Improper access control

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203 from 4.3.1.0 before 4.3.1.163 * from 4.4.0.0 before 4.4.0.217 * from 4.5.0.0 before...

CVE-2023-31100

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203 from 4.3.1.0 before 4.3.1.163 * from 4.4.0.0 before 4.4.0.217 * from 4.5.0.0 before...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2023 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...

CVE-2023-31320

Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of...

CVE-2023-20596

Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code...

CVE-2023-20592

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory...

CVE-2023-20521

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of...

CVE-2023-20563

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local...

CVE-2023-20519

A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest...

CVE-2023-20533

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in...

CVE-2023-20568

Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code...

CVE-2023-20566

Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory...

CVE-2023-20526

Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of...