The Eventify™ WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
CVSS 4.8 | AI Score 4.7 | EPSS 0.001
CVE-2022-4110 Eventify <= 2.1 - Admin+ Stored XSS
The Eventify™ WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
AI Score 5 | EPSS 0.001
Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates...
CVSS 5.9 | AI Score 1.1 | EPSS 0.002
Summary All applicable Java SE CVEs published by Oracle as part of their July 2022 Critical Patch Update. The following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack and have been addressed in this bulletin: IBM Engineering Test Management, IBM Jazz Reporting Service, ...
CVSS 5.9 | AI Score 0.9 | EPSS 0.001
Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway Desktop Edition. The fix removes vulnerabilities CVE-2022-21541 and CVE-2022-21540, which could allow an unauthenticated attacker to affect integrity (high integrity impact, with no confidentiality or availability impact)...
CVSS 5.9 | AI Score 0.2 | EPSS 0.001
Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway Desktop Edition. The fix removes vulnerability CVE-2021-2163, which could allow an unauthenticated attacker to affect integrity (high integrity impact, with no confidentiality or availability impact). Vulnerability Details CVEID: ...
CVSS 5.3 | AI Score 0.2 | EPSS 0.002
Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway. The fix removes vulnerability CVE-2021-2163, which could allow an unauthenticated attacker to affect integrity (high integrity impact, with no confidentiality or availability impact). Vulnerability Details CVEID: CVE-2021-2163 ...
CVSS 5.3 | AI Score 0.8 | EPSS 0.002
Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway. The fix removes vulnerabilities CVE-2022-21541 and CVE-2022-21540 that can allow an unauthenticated attacker to obtain sensitive information. Vulnerability Details CVEID: CVE-2022-21541 DESCRIPTION: An unspecified...
CVSS 5.9 | AI Score 0.5 | EPSS 0.001
Detecting Windows AMSI Bypass Techniques
We look into some of the implementations that cybercriminals use to bypass the Windows Antimalware Scan Interface (AMSI) and how security teams can detect threats attempting to abuse it for compromise with Trend Micro Vision...
AI Score 2.2
Buyer Beware! Account Takeover Attacks Surging This Shopping Season
The prevalence of Account Takeover (ATO) attacks continues to rise, as the threat creeps its way to the top of the list of security concerns for organizations today. Last year, Imperva recorded a staggering 148% increase in Account Takeover attacks, as reported in the 2022 Bad Bot Report. And...
AI Score 0.2
Forrester names Microsoft a Leader in Q4 2022 Security Analytics Platforms Wave report
We’re excited to announce that Microsoft is named a Leader in The Forrester Wave: Security Analytics Platforms, Q4 2022. Microsoft achieved the highest possible score in 17 different criteria, including partner ecosystem, innovation roadmap, product security, case management, and architecture....
AI Score 0.4
NVIDIA DGX A100 Server and DGX Station A100 - December 2022
NVIDIA has released a firmware security update for NVIDIA DGX A100 server and NVIDIA DGX Station A100. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, loss of data integrity, information disclosure, or data tampering. To protect your...
CVSS 8.8 | AI Score 2.8 | EPSS 0.001
Implement Risk-Based Vulnerability Management with Qualys TruRisk™ : Part 2
This blog is a continuation of our first blog on implementing risk-based vulnerability management with Qualys TruRisk™. In the first blog, we covered how to correctly tag and categorize assets for accurate risk assessment. Now that you have properly tagged your assets, Qualys TruRisk™ will...
AI Score -0.4
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in Oct 2022. Vulnerability Details CVEID: CVE-2022-21628 DESCRIPTION: Java SE is vulnerable to a denial...
CVSS 5.3 | AI Score 1.6 | EPSS 0.002
An open redirect vulnerability was found in mod_auth_openidc, an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that...
CVSS 6.1 | AI Score 1 | EPSS 0.001
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly...
CVSS 6.1 | AI Score 2.3 | EPSS 0.001
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly...
CVSS 6.1 | AI Score 6.8 | EPSS 0.001
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly...
CVSS 6.1 | AI Score 6.3 | EPSS 0.001
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly...
CVSS 6.1 | EPSS 0.001
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly...
CVSS 6.1 | AI Score 6.3 | EPSS 0.001
CVE-2022-23527 Open Redirect in oidc_validate_redirect_url()
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly...
CVSS 4.7 | AI Score 6.7 | EPSS 0.001
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly...
CVSS 6.1 | AI Score 6.4 | EPSS 0.001
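The redirect-target check that the mod_auth_openidc entries above describe, as an added example written for this page (not the module's own oidc_validate_redirect_url() code): a lenient "starts with a slash" test beside a strict validator that accepts only a single-slash relative path or an https URL to an allowlisted host. The allowlisted host and the sample targets are constructed for the example.

```python
"""Post-logout redirect validation: a lenient check beside a strict one.

Added example for this page, not code from mod_auth_openidc. ALLOWED_HOSTS and
the sample inputs below are constructed for illustration.
"""
from urllib.parse import urlsplit

# Hosts a deployment is willing to send users to after logout (constructed).
ALLOWED_HOSTS = frozenset({"app.example.com"})


def lenient_is_local(url: str) -> bool:
    """Too weak: treats anything with a leading '/' as a same-origin path."""
    return url.startswith("/")


def strict_is_safe_redirect(url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Accept only a plain relative path or an https URL to an allowlisted host."""
    if not url or len(url) > 2048:
        return False
    # Control characters (tab, CR, LF, ...) and backslashes are rejected outright:
    # browsers strip or normalise them before parsing, so they can hide a second
    # slash or a host from a server-side check that looks at the raw bytes.
    if "\\" in url or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in url):
        return False
    if url.startswith("/"):
        # "//host/..." is protocol-relative and leaves the origin; a path must
        # therefore start with exactly one slash.
        return not url.startswith("//")
    try:
        parts = urlsplit(url)
        hostname = parts.hostname  # may raise ValueError on malformed IPv6 literals
    except ValueError:
        return False
    if parts.scheme != "https" or parts.username or parts.password:
        return False
    return hostname in allowed_hosts


SAMPLE_TARGETS = [  # constructed inputs a logout handler might receive
    "/account/logged-out?reason=timeout",
    "//evil.example/phish",
    "/\\evil.example/phish",
    "/\tevil.example/phish",
    "https://app.example.com/goodbye",
    "https://app.example.com@evil.example/",
    "http://app.example.com/goodbye",
    "javascript:alert(1)",
]


def compare(targets=SAMPLE_TARGETS):
    """Return {target: (lenient_verdict, strict_verdict)} for each input."""
    return {t: (lenient_is_local(t), strict_is_safe_redirect(t)) for t in targets}


if __name__ == "__main__":
    for target, (lenient, strict) in compare().items():
        print(f"{target!r:45} lenient={lenient!s:5} strict={strict}")
```

The lenient check passes every target that begins with "/", including the protocol-relative, backslash and tab-prefixed variants that a browser resolves to another host; the strict check rejects all of them while still allowing an ordinary relative path and an allowlisted https URL. The same shape of check applies to any post-logout or "return to" parameter, not only to this module.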
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-41041 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass...
CVSS 6.5 | AI Score 1.1 | EPSS 0.001
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 which is shipped as a component of IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-2163 DESCRIPTION: An unspecified...
CVSS 5.9 | AI Score 1.6 | EPSS 0.002
Implement Risk-Based Vulnerability Management with Qualys TruRisk™ : Part 1
For today’s CISOs, managing cyber risk is the number one priority, and it’s a full-time concern. Security practitioners are spending a considerable amount of time responding to cybersecurity threats and finding ways to reduce risk from threats that are unknown. Earlier this year Qualys introduced Qualys...
AI Score -0.4
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2022-21628 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by a flaw in the...
CVSS 6.5 | AI Score 1.5 | EPSS 0.002
Summary IBM® SDK Java™ Technology Edition is used by IBM Tivoli Application Dependency Discovery Manager (TADDM) and is vulnerable to a denial of service (CVE-2022-21541, CVE-2022-21540, CVE-2021-2163). Vulnerability Details CVEID: CVE-2022-21541 DESCRIPTION: An unspecified vulnerability in...
CVSS 5.9 | AI Score 1 | EPSS 0.002
Protect Your Network with Zero-Day Threat Protection
Explore the world of zero-day threats and gain valuable insight into the importance of proactive detection and remediation. Learn how Trend Micro™ Research mitigates risk by providing global cybersecurity intelligence to continuously discover the ever-changing attack surface, understand and...
AI Score 2.9
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2022. Vulnerability Details CVEID: CVE-2022-21626 DESCRIPTION: An...
CVSS 5.3 | AI Score 1.5 | EPSS 0.002
Summary IBM Virtualization Engine TS7700 is vulnerable to a data integrity threat (CVE-2021-2163) due to the use of IBM® SDK Java™ Technology Edition, Version 8. The Java SDK is used by the TS7700 to provide the Management Interface, to perform cache management, and to provide Transparent Cloud...
CVSS 5.3 | AI Score 0.6 | EPSS 0.002
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has provided a fix for the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtime...
CVSS 6.5 | AI Score 1.1 | EPSS 0.001
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 7 and 8 and IBM® Runtime Environment Java™ Version 7 and 8 used by Rational Business Developer. Rational Business Developer has provided a fix for the applicable CVE. This issue was disclosed as part of the IBM Java SDK...
CVSS 5.3 | AI Score 1.1 | EPSS 0.002
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about a security vulnerability affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID: CVE-2022-3676 ...
CVSS 6.5 | AI Score 0.5 | EPSS 0.001
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID: CVE-2022-21628 ...
CVSS 5.3 | AI Score 1.2 | EPSS 0.002
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about a security vulnerability affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s)...
CVSS 6.5 | AI Score 2.2 | EPSS 0.001
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about a security vulnerability affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-2163 ...
CVSS 5.3 | AI Score 0.8 | EPSS 0.002
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID: CVE-2022-21541 ...
CVSS 5.9 | AI Score 0.9 | EPSS 0.001
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about a security vulnerability affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s)...
CVSS 5.3 | AI Score 2.2 | EPSS 0.001
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and Version 8, that is used by IBM Tivoli Composite Application Manager for Transactions - Robotic Response Time. These issues were disclosed as part of the IBM Java SDK updates in Jan 2022. Vulnerability...
CVSS 6.5 | AI Score 1 | EPSS 0.001
The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected...
CVSS 5.3 | AI Score 4.9 | EPSS 0.001
The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected...
CVSS 5.3 | EPSS 0.001
The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected...
CVSS 5.3 | AI Score 5 | EPSS 0.001
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0.5.25 used by IBM Cloud Transformation Advisor. IBM Cloud Transformation Advisor has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in March 2019. Vulnerability...
CVSS 3.7 | AI Score 9.8 | EPSS 0.898
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0.5.20 used by IBM Cloud Transformation Advisor. IBM Cloud Transformation Advisor has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in October 2018. Vulnerability...
CVSS 9 | AI Score 0.9 | EPSS 0.009
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0.5.25 used by IBM Cloud Transformation Advisor. IBM Cloud Transformation Advisor has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in April 2019. Vulnerability...
CVSS 8.1 | AI Score 8.4 | EPSS 0.083
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2022-21628 DESCRIPTION: ...
CVSS 5.3 | AI Score 1.2 | EPSS 0.002
CVE-2022-43557 BD BodyGuard™ Pumps – RS-232 Interface Vulnerability
The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected...
CVSS 5.3 | AI Score 5.2 | EPSS 0.001
Security Bulletin: IBM Cognos Controller has addressed multiple vulnerabilities
Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Cognos Controller 10.4.2 FP2 and 10.4.1 IF15. There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM Cognos Controller. The applicable CVEs have been addressed by upgrading...
CVSS 9.8 | AI Score 0.5 | EPSS 0.975
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Security Guardium. This issue was disclosed as part of the IBM Java SDK updates in April 2022 and includes the Oracle® April 2022 CPU. Vulnerability Details CVEID: CVE-2021-41041 DESCRIPTION: Eclipse...
CVSS 5.3 | AI Score 0.6 | EPSS 0.001