Summary Multiple Vulnerabilities were disclosed as part of the Oracle October 2022 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2022-21628 DESCRIPTION: **Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. By sending a specially-crafted...
5.3CVSS
1.2AI Score
0.002EPSS
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 7 and 8 used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2021-35550 DESCRIPTION: **An unspecified vulnerability in.....
5.9CVSS
1AI Score
0.002EPSS
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 7 and 8 used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2021-35603 DESCRIPTION: **An unspecified vulnerability in.....
3.7CVSS
1AI Score
0.002EPSS
Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed in the IBM Java SDK updates in October 2022. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details...
5.3CVSS
1.8AI Score
0.002EPSS
The Bug Report January 2023 Edition
The Bug Report – January 2023 Edition By Trellix · February 1, 2023 This story was also written by Jesse Chick. Pretty sure we’ve all seen this episode before. Why am I here? Welcome to the Bug Report, Space-Hash™ Edition! (Think about it. We'll wait.) For many of us, January began with a...
8.3AI Score
0.975EPSS
The Bug Report January 2023 Edition
The Bug Report – January 2023 Edition By Trellix · February 1, 2023 This story was also written by Jesse Chick. Pretty sure we’ve all seen this episode before. Why am I here? Welcome to the Bug Report, Space-Hash™ Edition! (Think about it. We'll wait.) For many of us, January began with a...
10.7AI Score
0.975EPSS
Summary There are vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which is used by IBM Rational ClearCase. These issues were disclosed as part of the IBM Java SDK updates in Oct 2022 - Includes Oracle October 2022 CPU Vulnerability Details ** CVEID: CVE-2022-21626 ...
5.3CVSS
0.8AI Score
0.002EPSS
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to...
8.1CVSS
7.8AI Score
0.0004EPSS
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to...
8.1CVSS
7.8AI Score
0.0004EPSS
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise...
8.3CVSS
8AI Score
0.0005EPSS
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise...
8.3CVSS
7.8AI Score
0.0005EPSS
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All...
7.5CVSS
6.5AI Score
0.0005EPSS
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames...
6.5CVSS
6.4AI Score
0.001EPSS
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All...
6.5CVSS
7.6AI Score
0.0005EPSS
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox (All...
9.8CVSS
9.1AI Score
0.002EPSS
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames...
6.5CVSS
6.4AI Score
0.001EPSS
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox (All...
9.8CVSS
9.4AI Score
0.002EPSS
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox (All...
9.8CVSS
9.4AI Score
0.002EPSS
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames...
6.5CVSS
6.4AI Score
0.001EPSS
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise...
8.3CVSS
8AI Score
0.0005EPSS
Cross site request forgery (csrf)
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All...
6.5CVSS
6.5AI Score
0.0005EPSS
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to...
8.1CVSS
7.8AI Score
0.0004EPSS
Summary IBM Virtualization Engine TS7700 is vulnerable to a denial of service threat (CVE-2022-21626) due to the use of IBM® SDK Java™ Technology Edition, Version 8. The Java SDK is used by the TS7700 to provide the Management Interface, to perform cache management, and to provide Transparent...
5.3CVSS
0.6AI Score
0.002EPSS
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise...
7.9CVSS
8.3AI Score
0.0005EPSS
Security Bulletin: NVIDIA GeForce Experience - January 2023
NVIDIA has released a software security update for NVIDIA® GeForce Experience™ software. This update addresses issues that may lead to code execution, information disclosure, data tampering, and denial of service. To protect your system, download and install this software update through the...
8.2CVSS
3AI Score
0.0004EPSS
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All...
7.5CVSS
7.8AI Score
0.0005EPSS
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox (All...
8.6CVSS
9.7AI Score
0.002EPSS
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames...
6.5CVSS
6.6AI Score
0.001EPSS
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to...
8CVSS
8.1AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Watson Explorer and Watson Explorer Content Analytics Studio. Watson Explorer and Watson Explorer Content Analytics Studio have addressed the applicable CVEs. Vulnerability Details ** CVEID:...
5.3CVSS
1.3AI Score
0.002EPSS
NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, and Jetson AGX Orin series in the NVIDIA JetPack™ software development kit (SDK). The update addresses security issues that may lead to escalation of privileges, compromised data integrity and...
7.8CVSS
2.6AI Score
0.001EPSS
Summary Vulnerabilities in IBM® SDK Java™ Technology Edition potentially affect IBM Workload Scheduler. These issues were disclosed as part of the Oracle July 2022 Critical Patch Update. These vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2022-21541 DESCRIPTION: **An...
5.9CVSS
AI Score
0.001EPSS
Summary Vulnerabilities in IBM® SDK Java™ Technology Edition potentially affect IBM Workload Scheduler. These issues were disclosed as part of the Oracle April 2022 Critical Patch Update. These vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2022-21496 DESCRIPTION: **An...
5.3CVSS
0.4AI Score
0.001EPSS
8.8CVSS
0.4AI Score
0.003EPSS
8.8CVSS
8.3AI Score
0.004EPSS
8.8CVSS
0.4AI Score
0.002EPSS
Summary A vulnerability exists in IBM® Runtime Environment Java™ Versions 8, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2022-21626 ...
5.3CVSS
1.7AI Score
0.002EPSS
0.6AI Score
0.004EPSS
Advancement to API Security Technology Will Combat Recent Surge in Hacks Leveraging Leaked API; Early Release Now Available San Francisco, CA –(BUSINESS WIRE)– January 19, 2023 – Wallarm, the end-to-end API security company, today announced the early release of the Wallarm API Leak Management...
0.1AI Score
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager 4.1.0.0 - 4.1.0.1 . These issues were disclosed as part of the IBM Java SDK updates in July 2019. There are multiple vulnerabilities in IBM® SDK...
7.8CVSS
0.3AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation for Multiplatforms 4.1.0.0 to 4.1.0.3. These issues were disclosed as part of the IBM Java SDK updates in July 2019. There are multiple vulnerabilities in IBM® SDK...
7.8CVSS
0.2AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation for Multiplatforms 4.1.0.0 to 4.1.0.3. These issues were disclosed as part of the IBM Java SDK updates in January 2019. There are multiple vulnerabilities in IBM® SDK...
3.7CVSS
0.1AI Score
0.008EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager 4.1.0.0 - 4.10.1 . These issues were disclosed as part of the IBM Java SDK updates in January 2019. There are multiple vulnerabilities in IBM® SDK...
3.7CVSS
0.1AI Score
0.008EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation for Multiplatforms 4.1.0.0 to 4.1.0.3. These issues were disclosed as part of the IBM Java SDK updates in Oct 2018. There are multiple vulnerabilities in IBM® SDK Java™...
5.6CVSS
0.4AI Score
0.003EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in Oct 2018. Vulnerability Details CVEID: CVE-2018-3180 DESCRIPTION: An unspecified...
5.6CVSS
0.8AI Score
0.003EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in July 2018. Vulnerability Details CVEID: CVE-2018-1656 DESCRIPTION: The IBM Java...
7.8CVSS
0.4AI Score
0.002EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation for Multiplatforms 4.1.0.0 to 4.1.0.3. These issues were disclosed as part of the IBM Java SDK updates in July 2018. There are multiple vulnerabilities in IBM® SDK...
7.8CVSS
0.2AI Score
0.002EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation for Multiplatforms 4.1.0.0 to 4.1.0.3. These issues were disclosed as part of the IBM Java SDK updates in April 2018. There are multiple vulnerabilities in IBM® SDK...
7.4CVSS
0.3AI Score
0.003EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in April 2018. These issues were also addressed by WebSphere Application Server...
7.4CVSS
0.4AI Score
0.003EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in Nov 2017. Vulnerability Details CVEID: CVE-2017-10356 DESCRIPTION: An unspecified...
6.2CVSS
0.4AI Score
0.001EPSS