BD Pyxis™ ParAssist Security Vulnerabilities

Security Bulletin: A vulnerability in IBM SDK Java Technology Edition that is used by the IBM FlashSystem 840 and IBM FlashSystem 900 (CVE-2015-4872)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition that is used by the IBM® FlashSystem™ 840 and IBM FlashSystem 900. This issue were disclosed as part of the IBM Java SDK updates for October 2015. An exploit of this vulnerability could cause a partial integrity impact....

Security Bulletin: A vulnerability affects the IBM FlashSystem models 840 and 900

Summary There is a vulnerability which the IBM FlashSystem™ 840 and FlashSystem 900 are susceptible. An exploit of this vulnerability (CVE-2018-1495) could make the system susceptible to an attack which could allow an attacker to overwrite arbitrary files. Vulnerability Details CVEID:...

Security Bulletin: Vulnerability in the IBM FlashSystem models 840 and 900

Summary There is a vulnerability to which the FlashSystem™ 840 and FlashSystem 900 are susceptible. An exploit of this vulnerability could make the system subject to an attack allowing an escalation of privilege. Only systems with 1.4 firmware installed are vulnerable. Vulnerability Details CVEID:....

Security Bulletin: A vulnerability in OpenSLP affects the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in OpenSLP to which the IBM FlashSystem™ 840 and FlashSystem 900 are susceptible. An exploit of this vulnerability (CVE-2017-17833) could make the system susceptible to a denial of service due to a corruption of heap memory by a remote attacker. Vulnerability...

Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of these vulnerabilities could allow a remote attacker to expose sensitive information, execute arbitrary code, perform cross-site scripting, and/or cause a...

Security Bulletin: Multiple Vulnerabilities in Java affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in Java to which the IBM FlashSystem™ 840 and FlashSystem 900 are susceptible (CVE-2018-2783, CVE-2018-1517, CVE-2018-12539, CVE-2018-3180, and CVE-2018-12547). An exploit of CVE-2018-12547 could make the system susceptible to a buffer overflow which could allow a....

Security Bulletin: Vulnerabilities in GNU Bash affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in GNU Bash to which the IBM FlashSystem™ 840 and FlashSystem 900 are susceptible. An exploit of these vulnerabilities (CVE-2016-0634, CVE-2016-7543, CVE-2016-9401) could make the system susceptible to an attack which could allow an attacker to execute arbitrary...

Security Bulletin:A vulnerability in the Linux Pluggable Authentication Module (PAM) affects the IBM FlashSystem models 840 and 900 (CVE-2015-3238)

Summary There is a vulnerability in Linux Pluggable Authentication Module (PAM) to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of this vulnerability could allow a remote attacker to expose sensitive information and/or cause a denial of service. Vulnerability....

Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem models 840 and 900

Summary There are vulnerabilities in OpenSSH to which the IBM® FlashSystem™ 840 and FlashSystem 900 are susceptible. An exploit of these vulnerabilities (CVE-2015-6563 and CVE-2015-6564) could allow a remote attacker to bypass security restrictions to gain elevated privileges or conduct an...

Security Bulletin: A vulnerability in OpenSSL affects the IBM FlashSystem models 840 and 900 (CVE-2015-3194)

Summary There is a vulnerability in OpenSSL to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of this vulnerability could cause a system to crash. Vulnerability Details CVEID: CVE-2015-3194 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a.....

Security Bulletin: A vulnerability in Network Security Services (NSS) affects the IBM FlashSystem models 840 and 900 (CVE-2015-2730)

Summary There is a vulnerability in Network Security Services (NSS) to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of this vulnerability could allow a remote attacker could exploit this vulnerability to forge signatures. Vulnerability Details CVEID:...

Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem models 840 and 900

Summary There is a vulnerability in Apache Struts to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 is susceptible. An exploit of this vulnerability (CVE-2017-5638) could allow a remote attacker to execute arbitrary code on the system Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION:...

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerabilitiy due to improper privilege management when a specially crafted table access is used. (CVE-2022-43927)

Summary IBM® Db2® is vulnerable to an information disclosure vulnerability due to improper privilege management when a specially crafted table access is used. Vulnerability Details ** CVEID: CVE-2022-43927 DESCRIPTION: **IBM Db2 is vulnerable to information Disclosure due to improper privilege...

Security Bulletin: IBM® Db2® may be vulnerable to a denial of service when executing a specially crafted 'Load' command. (CVE-2022-43929)

Summary IBM® Db2® may be vulnerable to a denial of service when executing a specially crafted 'Load' command. Vulnerability Details ** CVEID: CVE-2022-43929 DESCRIPTION: **IBM Db2 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. CVSS Base score: 6.2 CVSS.....

Trellix HAX 2023 CTF Competition

Trellix HAX 2023 CTF Competition Now Open for Registration! By Mark Bereza · February 17, 2023 This story was also written by John Dunlap. Introduction Trellix’s Advanced Research Center is happy to announce the launch of Trellix HAX 2023, our third annual capture the flag (CTF) competition! With.....

Trellix HAX 2023 CTF Competition

Trellix HAX 2023 CTF Competition Now Open for Registration! By Mark Bereza · February 17, 2023 This story was also written by John Dunlap. Introduction Trellix’s Advanced Research Center is happy to announce the launch of Trellix HAX 2023, our third annual capture the flag (CTF) competition! With.....

Automating Vulnerability Management with Qualys VMDR & ServiceNow

With a growing number of cyber-attacks and the push to stay ahead of adversaries, the Vulnerability Management lifecycle has become necessary for ensuring enterprise-grade cyber resiliency. For many organizations, there is a persistent challenge in supporting vulnerability assessment and...

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to IBM Java

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. IBM Sterling Connect:Direct Web Services has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2022-21628 DESCRIPTION: **Java SE is vulnerable to a denial of service, caused by a flaw in the...

Security Bulletin: IBM Sterling Connect:Direct Browser User Interface vulnerable to multiple issues due to IBM Runtime Environment Java

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2022-21628 DESCRIPTION: **Java SE is vulnerable to a denial of service, caused by a flaw in...

Microsoft Windows UTF-8 Buffer Overruns Exploit

When Microsoft released UTF-8 support for the -A interfaces of the Windows API, it appears to have introduced buffer overrun...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM CICS TX on Cloud

Summary IBM CICS TX on Cloud has addressed the following vulnerabilities reported by IBM® Runtime Environment Java™ Vulnerability Details ** CVEID: CVE-2020-14779 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker...

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM CICS TX on Cloud

Summary IBM CICS TX on Cloud has addressed the following vulnerability reported by IBM® Runtime Environment Java™ Vulnerability Details ** CVEID: CVE-2020-2773 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker...

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM CICS TX on Cloud

Summary IBM CICS TX on Cloud has addressed the following vulnerability reported by IBM® Runtime Environment Java™ Version 8.0 Vulnerability Details ** CVEID: CVE-2020-2601 DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component...

Security Bulletin: Apr 2020 : Multiple vulnerabilities in IBM Java Runtime affect IBM CICS TX on Cloud

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0 used by IBM CICS TX on Cloud. IBM CICS TX on Cloud has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2020-2805 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java...

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM CICS TX on Cloud

Summary IBM CICS TX on Cloud has addressed the following vulnerabilities reported by IBM® Runtime Environment Java™ Vulnerability Details ** CVEID: CVE-2021-35560 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to...

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM CICS TX on Cloud

Summary IBM CICS TX on Cloud has addressed the following vulnerability reported by IBM® Runtime Environment Java™ Vulnerability Details ** CVEID: CVE-2020-14782 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to...

Security Bulletin: A vulnerability in IBM® Java™ Runtime Environment affects IBM CICS TX on Cloud

Summary IBM CICS TX on Cloud has addressed the following vulnerability reported by IBM® Java™ Runtime Environment Java™ Version 8.0 Vulnerability Details ** CVEID: CVE-2020-2654 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM CICS TX on Cloud

Summary IBM CICS TX on Cloud has addressed the following vulnerabilities reported by IBM® Runtime Environment Java™ Version 8.0 Vulnerability Details ** CVEID: CVE-2020-14583 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated...

Security Bulletin: A vulnerability in IBM® Runtime Environment Java™ Version 8.0 affects IBM CICS TX on Cloud

Summary IBM CICS TX on Cloud has addressed the following vulnerability reported by IBM® Runtime Environment Java™ Version 8.0 Vulnerability Details ** CVEID: CVE-2019-2949 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated...

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM CICS TX on Cloud

Summary IBM CICS TX on Cloud has addressed the following vulnerability reported by IBM® Runtime Environment Java™ Vulnerability Details ** CVEID: CVE-2020-14781 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to obtain...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM CICS TX on Cloud

Summary IBM CICS TX on Cloud has addressed the following vulnerabilities reported by IBM® Runtime Environment Java™ Vulnerability Details ** CVEID: CVE-2020-14803 DESCRIPTION: **An unspecified vulnerability in Java SE could allow an unauthenticated attacker to obtain sensitive information...

Security Bulletin: A vulnerability in IBM Java Runtime affect IBM CICS TX on Cloud

Summary IBM CICS TX on Cloud has addressed the following vulnerability reported by IBM® Runtime Environment Java™ Version 8.0 Vulnerability Details ** CVEID: CVE-2020-2590 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Security component could allow an...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM CICS TX on Cloud

Summary IBM CICS TX on Cloud has addressed the following vulnerabilities reported by IBM® Runtime Environment Java™ Version 8.0 Vulnerability Details ** CVEID: CVE-2020-2604 DESCRIPTION: **An unspecified vulnerability in Java SE could allow an unauthenticated attacker to take control of the...

Security Bulletin: Oct 2019 : Multiple vulnerabilities in IBM Java Runtime affect IBM CICS TX on Cloud

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0 used by IBM CICS TX on Cloud. IBM CICS TX on Cloud has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2019-2989 DESCRIPTION: **An unspecified vulnerability in Java SE could allow an...

CVE-2022-27677

Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with low privileges to modify files potentially leading to privilege escalation and code execution by the lower privileged...

Security Bulletin: CVE-2022-21624 may affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

Summary CVE-2022-21624 was disclosed in the Oracle October 2022 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2022-21624 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data...

Cross-Thread Return Address Predictions

Bulletin ID: AMD-SB-1045 Potential Impact: Information Disclosure Summary AMD internally discovered a potential vulnerability where certain AMD processors may speculatively execute instructions at an incorrect return site after an SMT mode switch that may potentially lead to information...

AMD Ryzen™ Master Security Bulletin

Bulletin ID: AMD-SB-1052 Potential Impact: Privilege Escalation Severity: High Summary AMD Ryzen™ Master is a software tool that gives users advanced, real-time control of system performance. AMD Ryzen™ Master allows the user to control various clock and voltage settings in real time. CVE Details.....

2023.1 IPU - Intel® Processor Advisory

Summary: A potential security vulnerability in some Intel® Processors with Intel® Software Guard Extensions (SGX) may allow information disclosure. Intel is releasing firmware updates to address this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-38090 Description: Improper...

Intel® Quartus® Software Advisory

Summary: Potential security vulnerabilities in the Intel® FPGA SDK for OpenCL™ Intel® Quartus® Prime Pro software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-37329 Description:...

2023.1 IPU - BIOS Advisory

Summary: Potential security vulnerabilities in the BIOS firmware and Intel® Trusted Execution Technology (TXT) Secure Initialization (SINIT) Authenticated Code Modules (ACM) for some Intel® Processors may allow escalation of privilege. Intel is releasing BIOS updates to mitigate these potential...

Security Bulletin: Multiple Vulnerabilities (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619) affects CICS Transaction Gateway.

Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway. The fix removes vulnerabilities CVE-2022-21628, CVE-2022-21626, CVE-2022-21624 and CVE-2022-21619 that can allow an unauthenticated attacker to obtain sensitive information. Vulnerability Details ** CVEID: CVE-2022-21628 .....

Security Bulletin: Vulnerability in IBM Java Runtime affect SPSS Collaboration and Deployment Services (CVE-2022-3676)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 7 & 8 used by SPSS Collaboration and Deployment Services. This issue has been addressed. Vulnerability Details ** CVEID: CVE-2022-3676 DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to bypass security...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects SPSS Collaboration and Deployment Services (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by SPSS Collaboration and Deployment Services. These issues have been addressed. Vulnerability Details ** CVEID: CVE-2022-21628 DESCRIPTION: **Java SE is vulnerable to a denial of service, caused by a flaw.....

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has provided a fix for the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtime....

Security Bulletin: Vulnerabilities in IBM Java SDK and IBM Java Runtime affects Rational Business Developer

Summary There are vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has provided a fix for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and...

Security Bulletin: Multiple vulnerabilities in the Expat library affect IBM® Db2® Net Search Extender may lead to denial of service or arbitrary code execution.

Summary Multiple vulnerabilities in the Expat library affect IBM® Db2® Net Search Extender may lead to denial of service or arbitrary code execution. These vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2022-43680 DESCRIPTION: **libexpat is vulnerable to a denial of...

Security Bulletin: IBM® Db2® Connect Server is vulnerable due to the use of Apache HttpComponents. (CVE-2014-3577)

Summary IBM® Db2® Connect Server is vulnerable due to the use of Apache HttpComponents. Vulnerability Details ** CVEID: CVE-2014-3577 DESCRIPTION: **Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a...

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to bypassing security restrictions, denial of service attacks, and data integrity impacts due to multiple vulnerabilities.

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to bypassing security restrictions, denial of service attacks, and allowing an unauthenticated attacker to modify data as seen in the vulnerability details section (CVE-2022-3676,...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to the October 2022 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...