BD Pyxis™ ParAssist Security Vulnerabilities

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications

Summary Multiple Vulnerabilities were disclosed as part of the Oracle October 2022 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2022-21628 DESCRIPTION: **Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. By sending a specially-crafted...

Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to an unspecified vulnerability due to IBM Java Runtime (CVE-2021-35550)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 7 and 8 used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2021-35550 DESCRIPTION: **An unspecified vulnerability in.....

Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to an unspecified vulnerability due to IBM Java Runtime (CVE-2021-35603)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 7 and 8 used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2021-35603 DESCRIPTION: **An unspecified vulnerability in.....

Security Bulletin: A vulnerability in the IBM Java Runtime affects IBM Rational ClearQuest (CVE-2022-21626)

Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed in the IBM Java SDK updates in October 2022. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details...

The Bug Report January 2023 Edition

The Bug Report – January 2023 Edition By Trellix · February 1, 2023 This story was also written by Jesse Chick. Pretty sure we’ve all seen this episode before. Why am I here? Welcome to the Bug Report, Space-Hash™ Edition! (Think about it. We'll wait.) For many of us, January began with a...

The Bug Report January 2023 Edition

The Bug Report – January 2023 Edition By Trellix · February 1, 2023 This story was also written by Jesse Chick. Pretty sure we’ve all seen this episode before. Why am I here? Welcome to the Bug Report, Space-Hash™ Edition! (Think about it. We'll wait.) For many of us, January began with a...

Security Bulletin: A vulnerability in the IBM Java Runtime affects IBM Rational ClearCase (CVE-2022-21626)

Summary There are vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which is used by IBM Rational ClearCase. These issues were disclosed as part of the IBM Java SDK updates in Oct 2022 - Includes Oracle October 2022 CPU Vulnerability Details ** CVEID: CVE-2022-21626 ...

CVE-2022-32747

A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to...

CVE-2022-32747

A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to...

CVE-2022-32748

A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise...

CVE-2022-32748

A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise...

CVE-2022-32516

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All...

CVE-2022-32517

A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames...

CVE-2022-32516

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All...

CVE-2022-32515

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox (All...

CVE-2022-32517

A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames...

CVE-2022-32515

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox (All...

Authentication flaw

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox (All...

Design/Logic Flaw

A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames...

Input validation

A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise...

Cross site request forgery (csrf)

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All...

Spoofing

A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to...

Security Bulletin: IBM Virtualization Engine TS7700 is vulnerable to a denial of service threat due to use of IBM® SDK Java™ Technology Edition, Version 8 (CVE-2022-21626)

Summary IBM Virtualization Engine TS7700 is vulnerable to a denial of service threat (CVE-2022-21626) due to the use of IBM® SDK Java™ Technology Edition, Version 8. The Java SDK is used by the TS7700 to provide the Management Interface, to perform cache management, and to provide Transparent...

CVE-2022-32748

A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise...

Security Bulletin: NVIDIA GeForce Experience - January 2023

NVIDIA has released a software security update for NVIDIA® GeForce Experience™ software. This update addresses issues that may lead to code execution, information disclosure, data tampering, and denial of service. To protect your system, download and install this software update through the...

CVE-2022-32516

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All...

CVE-2022-32515

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox (All...

CVE-2022-32517

A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames...

CVE-2022-32747

A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2022-21626)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Watson Explorer and Watson Explorer Content Analytics Studio. Watson Explorer and Watson Explorer Content Analytics Studio have addressed the applicable CVEs. Vulnerability Details ** CVEID:...

Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson AGX Orin Series - January 2023

NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, and Jetson AGX Orin series in the NVIDIA JetPack™ software development kit (SDK). The update addresses security issues that may lead to escalation of privileges, compromised data integrity and...

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition affect IBM Workload Scheduler.

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition potentially affect IBM Workload Scheduler. These issues were disclosed as part of the Oracle July 2022 Critical Patch Update. These vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2022-21541 DESCRIPTION: **An...

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition affect IBM Workload Scheduler.

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition potentially affect IBM Workload Scheduler. These issues were disclosed as part of the Oracle April 2022 Critical Patch Update. These vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2022-21496 DESCRIPTION: **An...

OpenText Extended ECM 22.3 Java Frontend Remote Code Execution Vulnerability

...

OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escsalation Vulnerabilities

...

OpenText Extended ECM 22.3 cs.exe Remote Code Execution Vulnerability

...

Security Bulletin: A CVE-2022-21626 vulnerability in IBM Java Runtime affects IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow

Summary A vulnerability exists in IBM® Runtime Environment Java™ Versions 8, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2022-21626 ...

OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escsalation

...

Wallarm Releases New End-to-End Solution to Reduce Risk and Time-to-Remediate Leaked API Keys and Secrets

Advancement to API Security Technology Will Combat Recent Surge in Hacks Leveraging Leaked API; Early Release Now Available San Francisco, CA –(BUSINESS WIRE)– January 19, 2023 – Wallarm, the end-to-end API security company, today announced the early release of the Wallarm API Leak Management...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager July 2019 CPU (CVE-2019-2816, CVE-2019-11771, CVE-2019-4473)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager 4.1.0.0 - 4.1.0.1 . These issues were disclosed as part of the IBM Java SDK updates in July 2019. There are multiple vulnerabilities in IBM® SDK...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms July 2019 CPU (CVE-2019-2816, CVE-2019-11771, CVE-2019-4473)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation for Multiplatforms 4.1.0.0 to 4.1.0.3. These issues were disclosed as part of the IBM Java SDK updates in July 2019. There are multiple vulnerabilities in IBM® SDK...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms January 2019 CPU (CVE-2018-1890, CVE-2019-2426)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation for Multiplatforms 4.1.0.0 to 4.1.0.3. These issues were disclosed as part of the IBM Java SDK updates in January 2019. There are multiple vulnerabilities in IBM® SDK...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager January 2019 CPU (CVE-2018-1890, CVE-2019-2426)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager 4.1.0.0 - 4.10.1 . These issues were disclosed as part of the IBM Java SDK updates in January 2019. There are multiple vulnerabilities in IBM® SDK...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2018-3180, CVE-2018-3139)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation for Multiplatforms 4.1.0.0 to 4.1.0.3. These issues were disclosed as part of the IBM Java SDK updates in Oct 2018. There are multiple vulnerabilities in IBM® SDK Java™...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2018-3180, CVE-2018-3139)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in Oct 2018. Vulnerability Details CVEID: CVE-2018-3180 DESCRIPTION: An unspecified...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2018-1656, CVE-2018-12539)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in July 2018. Vulnerability Details CVEID: CVE-2018-1656 DESCRIPTION: The IBM Java...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2018-1656 , CVE-2018-12539 )

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation for Multiplatforms 4.1.0.0 to 4.1.0.3. These issues were disclosed as part of the IBM Java SDK updates in July 2018. There are multiple vulnerabilities in IBM® SDK...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2018-2783)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation for Multiplatforms 4.1.0.0 to 4.1.0.3. These issues were disclosed as part of the IBM Java SDK updates in April 2018. There are multiple vulnerabilities in IBM® SDK...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2018-2783, CVE-2018-2800)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in April 2018. These issues were also addressed by WebSphere Application Server...

Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli System Automation for Multiplatforms (CVE-2017-10356)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in Nov 2017. Vulnerability Details CVEID: CVE-2017-10356 DESCRIPTION: An unspecified...