Summary Vulnerabilities may affect IBM® SDK, Java™ Technology Edition. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Workflow Management, Global Configuration Management, IBM...
5.3CVSS
5.6AI Score
0.001EPSS
Security Bulletin: CVE-2022-21426 may affect IBM® SDK, Java™ Technology Edition
Summary CVE-2022-21426 was disclosed as part of the Oracle April 2022 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2022-21426 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service...
5.3CVSS
5.7AI Score
0.001EPSS
Bulletin ID: AMD-SB-7002 Potential Impact:Varies by CVE, see descriptions below Severity:Varies by CVE, see descriptions below Summary Researchers have identified two potential vulnerabilities that affect systems using the TPM 2.0 reference implementation, including some systems using AMD CPUs....
7.8CVSS
7.4AI Score
0.001EPSS
Changes in OWASP API Security Top-10 2023RC | API Security Newsletter
Welcome to our March API newsletter, recapping some of the events of last month. And what a month it was. Among other buzzworthy news, OWASP published the initial Release Candidate for the 2023 API Security Top-10 list – we analyzed the ins & outs and presented them over the course of a couple of.....
9.8CVSS
9.6AI Score
0.969EPSS
Summary Multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7, and 8 that are used in IBM PureData System for Operational Analytics AIX based LPARs. These issues were disclosed as part of the IBM Java SDK updates in April 2022 to January 2023. These issues were disclosed as...
5.3CVSS
5.9AI Score
0.002EPSS
A flaw was found in mod_auth_openidc, an OpenID Certified™ authentication and authorization module for the Apache HTTP server. It is possible to trigger a NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied, leading to a segmentation fault and a denial of.....
7.5CVSS
7.2AI Score
0.002EPSS
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...
5.3CVSS
6.8AI Score
0.001EPSS
Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of...
8.8CVSS
8.6AI Score
0.001EPSS
Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of...
8.8CVSS
8.6AI Score
0.001EPSS
Security Bulletin: NVIDIA DCGM - March 2023
NVIDIA has released a software update for NVIDIA® Data Center GPU Manager (DCGM). The update addresses security issues that may lead to denial of service and data tampering. To protect your system, download and install the latest DCGM release from the CUDA repositories. Go to NVIDIA Product...
8.4CVSS
7AI Score
0.0004EPSS
Summary There is a vulnerability in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVE and we recommend updating to the latest version to remediate....
3.7CVSS
4.2AI Score
0.002EPSS
Security Bulletin: NVIDIA GPU Display Driver - March 2023
NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. To protect your system, download and install this software update...
8.8CVSS
6.6AI Score
0.001EPSS
Summary Vulnerabilities in the IBM® Runtime Environment Java™ Technology Edition affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The...
7.4CVSS
0.9AI Score
0.027EPSS
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM SAN Volume Controller and Storwize Family. These issue was disclosed as part of the IBM Java SDK updates in Jan 2015. Vulnerability Details CVEID: CVE-2014-6593 DESCRIPTION: A...
5.2AI Score
0.698EPSS
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 that is used by IBM SAN Volume Controller and Storwize Family. These issues were disclosed as part of the IBM Java SDK updates in October 2015. SAN Volume Controller and Storwize Family has addressed.....
6AI Score
0.008EPSS
Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM SAN Volume Controller and Storwize Family. This issue was disclosed as part of the IBM Java SDK updates in July 2014. Vulnerability Details CVEID: CVE-2014-4263 DESCRIPTION: An...
4.8AI Score
0.009EPSS
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 that is used by IBM SAN Volume Controller and Storwize Family. These issues were disclosed as part of the IBM Java SDK updates in January 2016. SAN Volume Controller and Storwize Family has addressed.....
5.5AI Score
0.004EPSS
Summary A vulnerability in the IBM® Runtime Environment Java™ Technology Edition affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The...
7.5CVSS
1.2AI Score
0.003EPSS
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM SAN Volume Controller and Storwize Family. These issue was disclosed as part of the IBM Java SDK updates in Apr 2015. Vulnerability Details CVEID:CVE-2015-0488 DESCRIPTION:An...
5.2AI Score
0.948EPSS
Summary Multiple vulnerabilities in the IBM® Runtime Environment Java™ Technology Edition affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The....
5.6CVSS
0.9AI Score
0.018EPSS
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition that is used by IBM SAN Volume Controller, Storwize Family and FlashSystem V9000 products . These issues were disclosed as part of the IBM Java SDK updates in February 2017. The applicable CVEs are...
7.5CVSS
0.7AI Score
0.005EPSS
Summary A vulnerability in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details ** CVEID: CVE-2022-21626 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component...
5.3CVSS
1AI Score
0.002EPSS
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM SAN Volume Controller and Storwize Family. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details CVEID: CVE-2015-2613 DESCRIPTION: An.....
5.5CVSS
5.9AI Score
0.008EPSS
Summary Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affect the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID: CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could.....
5.9CVSS
0.8AI Score
0.002EPSS
Summary Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition and Apache Tomcat affect the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID: CVE-2020-2781 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java....
7.5CVSS
0.6AI Score
0.148EPSS
Microsoft Secure: Explore innovations transforming the future of security
Building a more secure future requires an end-to-end approach. There is no question that technology plays an essential role, but security will always be human-centered. That’s what Microsoft Secure is all about. It’s about sharing knowledge, best practices, and technology innovations that empower.....
6.9AI Score
Microsoft Secure: Explore innovations transforming the future of security
Building a more secure future requires an end-to-end approach. There is no question that technology plays an essential role, but security will always be human-centered. That’s what Microsoft Secure is all about. It’s about sharing knowledge, best practices, and technology innovations that empower.....
6.9AI Score
What is it? The Short A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework. The Long Decider is a tool to help analysts map adversary behavior to the MITRE ATT&CK framework. Decider makes creating...
6.7AI Score
6.8AI Score
7.4AI Score
6.8AI Score
Imperva recognized as a Strong Performer in Forrester Wave: Data Security Platforms, Q1 2023
The Forrester Wave evaluated the largest end-to-end providers of data security capabilities across a wide range of functionality to enable controls to enforce data security policies for both structured and unstructured data. In this report, Forrester provides an assessment of the top vendors in...
6.4AI Score
Security Bulletin: NVIDIA DGX-2, DGX Station A100, and DGX A100 - March 2023
NVIDIA has released a firmware security update for the NVIDIA DGX-2™ server, DGX A100 server, and DGX Station A100. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, loss of data integrity, information disclosure, or data tampering. To...
8.8CVSS
8.4AI Score
0.001EPSS
Microsoft recognized as a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023
Organizations need to protect their sensitive data including intellectual property, trade secrets, customer data, and personally identifiable information from both insiders and external cyber attackers. In fact, 80 percent of organizations experience more than one data breach in their lifetime.1...
6.5AI Score
Microsoft recognized as a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023
Organizations need to protect their sensitive data including intellectual property, trade secrets, customer data, and personally identifiable information from both insiders and external cyber attackers. In fact, 80 percent of organizations experience more than one data breach in their lifetime.1...
6.5AI Score
Summary Vulnerabilities in IBM® SDK Java™ Technology Edition potentially affect IBM Workload Scheduler. These vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2022-21628 DESCRIPTION: **Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP...
5.3CVSS
0.6AI Score
0.002EPSS
Trellix HAX 2023 Capture the Flag Results!
Trellix HAX 2023 Capture the Flag Results! By Mark Bereza · March 17, 2023 This story was also written by Jesse Chick. All good things must come to an end, and our annual CTF is unfortunately no exception. When this competition began, we asked each of you to try your hand at 12 new challenges –...
6.7AI Score
Trellix HAX 2023 Capture the Flag Results!
Trellix HAX 2023 Capture the Flag Results! By Mark Bereza · March 17, 2023 This story was also written by Jesse Chick. All good things must come to an end, and our annual CTF is unfortunately no exception. When this competition began, we asked each of you to try your hand at 12 new challenges –...
7AI Score
Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Version 8 (CVE-2022-21248, CVE-2022-21293, CVE-2022-21294, CVE-2022-21341, CVE-2021-35578, CVE-2021-35603, CVE-2021-35550) and Eclipse Openj9 (CVE-2021-41035) used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.4 Fix....
9.8CVSS
9.5AI Score
0.571EPSS
Rapid7 Threat Command Delivered 311% ROI: 2023 Forrester Consulting Total Economic Impact™ Study
Volume up (and not in a good way) Security teams must continuously contort their efforts to effectively respond to the growing volume of cyberthreats. These constantly shifting methods in the security operations center (SOC) can be difficult to manage in the face of emerging external threats—it...
6.6AI Score
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by WebSphere eXtreme Scale. Vulnerability Details ** CVEID: CVE-2022-21628 DESCRIPTION: **Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. By sending a...
5.3CVSS
1.1AI Score
0.002EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7.0, 7.1, 8.0 and 11.0 used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. CICS Transaction Gateway has addressed a CVE that could allow an unauthenticated attacker...
5.3CVSS
1AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7.0, 7.1, 8.0 and 11.0.13 used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. CICS Transaction Gateway has addressed seven CVEs that can allow denial of service and...
5.3CVSS
0.8AI Score
0.002EPSS
Summary IBM® Runtime Environment Java™ Versions 7.0, 7.1 and 8.0 is used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. The fix removes vulnerability CVE-2022-21299 that could allow an unauthenticated attacker to cause a denial of service....
5.3CVSS
1.2AI Score
0.002EPSS
Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. The fix removes vulnerabilities CVE-2022-21628, CVE-2022-21626, CVE-2022-21624 and CVE-2022-21619 that can allow an unauthenticated attacker to obtain...
5.3CVSS
0.7AI Score
0.002EPSS
Security Bulletin: IBM SDK, Java Technology Edition, Security Update February 2023
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8* that is used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates up to February 2023. IBM 8 SR7 FP20 (1.8.0_351). Vulnerability Details ** CVEID: CVE-2022-3676 ...
6.5CVSS
1.6AI Score
0.002EPSS
Intel® Optane™ DC Persistent Memory for Windows Advisory
Summary: A potential security vulnerability in the Intel® Optane™ DC Persistent Memory for Windows software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2021-0106 Description: Incorrect default...
2.8AI Score
0.0004EPSS
OpenVINO™ Toolkit for Windows* Permissions Issue Advisory
Summary: A potential security vulnerability in OpenVINO™ Toolkit for Windows may allow escalation of privilege. Intel is releasing OpenVINO™ Toolkit for Windows updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2018-12162**** Description: Directory permissions in.....
1.3AI Score
0.0004EPSS
Intel® RealSense™ DCM Advisory
Summary: A potential security vulnerability in the Intel® RealSense™ Depth Camera Manager (DCM) software may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2021-33119 Description: Improper access control....
4.9AI Score
0.0004EPSS
Intel® Optane™ DC Persistent Memory Module Management Software Advisory
Summary: A potential security vulnerability in Intel® Optane™ DC Persistent Memory Module Management Software may allow escalation of privilege and denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2020-0546...
2.6AI Score
0.0004EPSS