VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organization within VMware Cloud Director may be able to accidentally disable their organization leading to a Denial of Service for active sessions within their own...
4.9CVSS
EPSS
VMware Workspace One UEM update addresses an information exposure vulnerability. A malicious actor with network access to the Workspace One UEM may be able to perform an attack resulting in an information...
6.8CVSS
EPSS
An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Only routers or conductors that are running in....
10CVSS
EPSS
Summary Multiple vulnerabilities within WebSphere Application and IBM HTTP Server and Java which is included as part of IBM Tivoli Monitoring (ITM) portal server. have been remediated. Vulnerability Details ** CVEID: CVE-2024-22354 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM...
7.5CVSS
8.5AI Score
0.001EPSS
Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected...
6.8CVSS
6.7AI Score
EPSS
Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected...
6.8CVSS
EPSS
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: ...
7.5CVSS
EPSS
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: ...
8.4CVSS
EPSS
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: ...
7.5CVSS
7.2AI Score
EPSS
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: ...
8.4CVSS
7.7AI Score
EPSS
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: ...
6.2CVSS
EPSS
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: ...
6.2CVSS
5.8AI Score
EPSS
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: ...
8.4CVSS
7.7AI Score
EPSS
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: ...
8.4CVSS
EPSS
CVE-2024-3331 Spotfire: NTLM token leakage
Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected...
6.8CVSS
EPSS
Summary IBM Security Guardium has addressed this vulnerability. Vulnerability Details CVEID: CVE-2022-43904 DESCRIPTION: IBM Security Guardium could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. CVSS Base score: 7.5 CVSS Temporal...
7.5CVSS
7.5AI Score
0.001EPSS
CVE-2023-38370 IBM Security Access Manager Docker information disclosure
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: ...
7.5CVSS
EPSS
CVE-2023-38368 IBM Security Access Manager Docker information disclosure
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: ...
6.2CVSS
EPSS
CVE-2023-38368 IBM Security Access Manager Docker information disclosure
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: ...
6.2CVSS
5.7AI Score
EPSS
CVE-2023-30997 IBM Security Access Manager Docker privilege escalation
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: ...
8.4CVSS
6.2AI Score
EPSS
CVE-2023-30997 IBM Security Access Manager Docker privilege escalation
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: ...
8.4CVSS
EPSS
CVE-2023-30998 IBM Security Access Manager Docker privilege escalation
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: ...
8.4CVSS
EPSS
CVE-2023-30998 IBM Security Access Manager Docker privilege escalation
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: ...
8.4CVSS
6.2AI Score
EPSS
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...
5.9CVSS
EPSS
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...
5.9CVSS
5.5AI Score
EPSS
CVE-2023-38371 IBM Security Access Manager Docker information disclosure
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...
5.9CVSS
EPSS
CVE-2023-38371 IBM Security Access Manager Docker information disclosure
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...
5.9CVSS
6.3AI Score
EPSS
Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz
The following Rapid7 analysts contributed to this research: Leo Gutierrez, Tyler McGraw, Sarah Lee, and Thomas Elkins. Executive Summary On Tuesday, June 18th, 2024, Rapid7 initiated an investigation into suspicious activity in a customer environment. Our investigation identified that the...
6.7AI Score
Denial of service in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
The grpc Unary Server Interceptor created by the otelgrpc package added the labels net.peer.sock.addr and net.peer.sock.port with unbounded cardinality. This can lead to the server's potential memory exhaustion when many malicious requests are sent. This leads to a...
7.5CVSS
6.5AI Score
0.001EPSS
AI has since replaced "cryptocurrency" and "blockchain" as the cybersecurity buzzwords everyone wants to hear. We're not getting as many headlines about cryptocurrency miners, the security risks or promises of the blockchain, or non-fungible tokens being referenced on "Saturday Night Live." A...
9.1CVSS
7.2AI Score
0.0004EPSS
A company that helps to authenticate users for big brands had a set of administration credentials exposed online for over a year, potentially allowing access to user identity documents such as driving licenses. As more and more legislation emerges requiring websites and platforms—like gambling...
7.4AI Score
Security Bulletin: IBM QRadar Suite software is vulnerable to information exposure
Summary IBM QRadar Suite software is vulnerable to information exposure through cache data. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability...
6.7AI Score
EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
10CVSS
9.9AI Score
EPSS
Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads
The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation....
7.7AI Score
10CVSS
7AI Score
0.941EPSS
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF006. Vulnerability Details ** CVEID: CVE-2024-22329 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to...
7.5CVSS
7.8AI Score
0.0004EPSS
‘Poseidon’ Mac stealer distributed via Google ads
On June 24, we observed a new campaign distributing a stealer targeting Mac users via malicious Google ads for the Arc browser. This is the second time in the past couple of months where we see Arc being used as a lure, certainly a sign of its popularity. It was previously used to drop a Windows...
6.5AI Score
7.2AI Score
Snowflake isn’t an outlier, it’s the canary in the coal mine
By Nick Biasini with contributions from Kendall McKay and Guilherme Venere Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform. Adversaries obtained stolen login credentials for...
7.6AI Score
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: SDG Technologies Equipment: PnPSCADA Vulnerability: Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to attach various entities...
6.4AI Score
EPSS
Yokogawa FAST/TOOLS and CI Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: FAST/TOOLS and CI Server Vulnerabilities: Cross-site Scripting, Empty Password in Configuration File 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
5.8CVSS
7.7AI Score
0.0004EPSS
Johnson Controls Illustra Essentials Gen 4
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability...
7.5AI Score
EPSS
Johnson Controls Illustra Essentials Gen 4
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated...
6.8AI Score
EPSS
Johnson Controls Illustra Essentials Gen 4
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability may allow...
7.1AI Score
EPSS
Johnson Controls Illustra Essentials Gen 4
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: Illustra Essentials Gen 4 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
7.2AI Score
EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: marKoni Equipment: Markoni-D (Compact) FM Transmitters, Markoni-DH (Exciter+Amplifiers) FM Transmitters Vulnerabilities: Command Injection, Use of Hard-coded...
9AI Score
EPSS
Summary IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to identity spoofing. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s)| Version(s) ---|--- Jazz....
8.8CVSS
6.8AI Score
0.0004EPSS
The Secrets of Hidden AI Training on Your Data
While some SaaS threats are clear and visible, others are hidden in plain sight, both posing significant risks to your organization. Wing's research indicates that an astounding 99.7% of organizations utilize applications embedded with AI functionalities. These AI-driven tools are indispensable,...
6.7AI Score
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour...
7.3AI Score
EPSS
Software: opencryptoki 3.14.0 OS: ROSA Virtualization 2.1 package_evr_string: opencryptoki-3.14.0 CVE-ID: CVE-2021-3798 BDU-ID: CVE-Crit: MEDIUM. CVE-DESC.: The openCryptoki software token does not check if the EC key is valid when the EC key is created with C_CreateObject and when C_DeriveKey is.....
5.5CVSS
6.8AI Score
0.0004EPSS