Oracle Essbase (Jan 2023 CPU)
The version of Oracle Essbase installed on the remote host is missing a security patch from the January 2023 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities, including: - Vulnerability in Oracle Essbase component: Essbase Web Platform (OpenSSL). The supported versi...
CVE-2022-21587: Rapid7 Observed Exploitation of Oracle E-Business Suite Vulnerability
Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. Rapid7 is responding to various compromises arising from the exploitation of CVE-2022-21587, a critical arbitrary file upload vulnerability rated 9.8 on the CVSS v3 risk metric impacti...
CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on February 2 added two security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The first of the two vulnerabilities is CVE-2022-21587 (CVSS score: 9.8), a critical issue impacting...
Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition affect IBM Workload Scheduler.
Summary Vulnerabilities in IBM® SDK Java™ Technology Edition potentially affect IBM Workload Scheduler. These issues were disclosed as part of the Oracle July 2022 Critical Patch Update. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-21541 DESCRIPTION: An...
Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition affect IBM Workload Scheduler.
Summary Vulnerabilities in IBM® SDK Java™ Technology Edition potentially affect IBM Workload Scheduler. These issues were disclosed as part of the Oracle April 2022 Critical Patch Update. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An...
PT-2023-1959
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.2 Description A flaw was found in the Linux kernel's OverlayFS subsystem, allowing unauthorized access to the execution of the setuid file with capabilities. This uid mapping bug enables a local user to escalat...
Important: kernel-livepatch-4.14.299-223.520
Issue Overview: A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a...
MySQL -- Multiple vulnerabilities
Oracle reports: This Critical Patch Update contains 37 new security patches for Oracle MySQL. 8 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...
Oracle Solaris Critical Patch Update : jan2023_SRU11_4_53_132_2
This Solaris system is missing necessary patches to address critical security updates: - Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing (glibc)). Supported versions that are affected are 8.4, 9.0 and 9.1. Difficult to exploit...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to issue due to IBM® SDK, Java™ Technology Edition (CVE-2021-2163)
Summary IBM Sterling Partner Engagement Manager has addressed all applicable Java SE CVEs published by Oracle as part of their July 2022 Critical Patch Update. Vulnerability Details CVEID:CVE-2021-2163 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could...
Security Bulletin: A vulnerability exists in the IBM® SDK, Java™ Technology Edition affecting IBM Tivoli Netcool Configuration Manager (CVE-2022-21541, CVE-2022-21540).
Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Netcool Configuration Manager IP Edition v6.4.2, which was disclosed in the Oracle July 2022 Critical Patch Update Vulnerability Details CVEID:CVE-2022-21541 DESCRIPTION: An unspecified...
PT-2023-14495 · WordPress · 3D Flipbook Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: 3D FlipBook WordPress plugin versions 1.13.2 and earlier Description: The issue concerns the 3D FlipBook WordPress plugin, which does not validate or escape some of its shortcode attributes before outputting them back in the page. This could...
Oracle Enterprise Manager Ops Center UI or Other Patch (Oct 2019 CPU)
The version of Oracle Enterprise Manager Ops Center installed on the remote host is affected by a vulnerability as described in the October 2019 Critical Patch Update (CPU). Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (jQuery)). Support...
PT-2023-14143 · Servicenow · Servicenow
Name of the Vulnerable Software and Affected Versions: ServiceNow versions Quebec through San Diego Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget in the Employee Service Center and Service Portal...
Security Bulletin: Security vulnerabilities have been identified in IBM® SDK, Java™ Technology Edition used in IBM WebSphere Application Server used by IBM Master Data Management
Summary CVE-2022-21299 was disclosed as part of the Oracle January 2022 Critical Patch Update. An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack...
Security Bulletin: Security vulnerabilities have been identified in IBM® SDK, Java™ Technology Edition used in IBM WebSphere Application Server and used by IBM Master Data Management
Summary CVE-2021-35561 was disclosed as part of the Oracle October 2021 Critical Patch Update. Vulnerability Details CVEID:CVE-2021-35561 DESCRIPTION: An unspecified vulnerability in Java SE related to the Utility component could allow an unauthenticated attacker to cause a denial of service...
PT-2023-1032 · Adobe · Incopy
Name of the Vulnerable Software and Affected Versions: Adobe InCopy versions 18.0 and earlier Adobe InCopy versions 17.4 and earlier Description: The issue is related to improper input validation, which could result in arbitrary code execution in the context of the current user. Exploitation of...
PT-2023-1022 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows versions prior to the fixed version Description: The issue is related to the implementation of the Layer 2 Tunneling Protocol (L2TP) in Microsoft Windows, specifically involving the use of memory after it has been freed. This can be...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM® SDK, Java™ Technology Edition are affected by multiple vulnerabilities ( CVE-2022-21541, CVE-2022-21540 )
Summary All applicable Java SE CVEs published by Oracle as part of their July 2022 Critical Patch Update. The following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack; it has been addressed in this bulletin: IBM Engineering Test Management, IBM Jazz Reporting Service, I...
PT-2022-6000 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.14 and earlier Description: The issue exists due to inadequate protection of the web page structure in Adobe Experience Manager, allowing a remote attacker to perform cross-site scripting attacks using a...