Summary A vulnerability has been identified in IBM WebSphere Application Server Liberty which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability.....
7.5CVSS
7.4AI Score
0.034EPSS
Summary Multiple vulnerabilities have been identified in Turf.js which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...
7.5CVSS
6.8AI Score
0.004EPSS
Summary A vulnerability has been identified in pdfbox-1.8.1.jar which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...
5.5CVSS
6.7AI Score
0.001EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SuiteDash :: ONE Dashboard® Client Portal : SuiteDash Direct Login plugin <= 1.7.6...
5.9CVSS
4.8AI Score
0.0004EPSS
Summary Multiple vulnerabilities have been identified in jackson-mapper-asl-1.9.13.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability....
9.8CVSS
9.7AI Score
0.015EPSS
Summary Multiple vulnerabilities have been identified in IBM Java which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...
5.3CVSS
6.3AI Score
0.002EPSS
Summary Multiple vulnerabilities have been identified in batik-bridge-1.7.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details.....
7.5CVSS
6.7AI Score
0.003EPSS
Summary Multiple vulnerabilities have been identified in poi-3.9.jar, poi-scratchpad-3.9.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs....
7.5CVSS
6.9AI Score
0.014EPSS
Summary Multiple vulnerabilities have been identified in IBM Java which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...
5.3CVSS
6.6AI Score
0.002EPSS
Summary Multiple vulnerabilities have been identified in IBM DB2 which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...
7.5CVSS
6.3AI Score
0.004EPSS
Summary Multiple vulnerabilities have been identified in cxf-rt-transports-http-3.0.3.jarr which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs....
6.1CVSS
7AI Score
0.178EPSS
Summary A vulnerability has been identified in IBM WebSphere Application Server Liberty which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs....
5.4CVSS
6.1AI Score
0.001EPSS
Summary Multiple vulnerabilities have been identified in poi-ooxml-3.9.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details **.....
5.5CVSS
7.4AI Score
0.014EPSS
Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the restfulWS-3.0 or restfulWS-3.1 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test...
7.5CVSS
6.4AI Score
0.001EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SuiteDash :: ONE Dashboard® Client Portal : SuiteDash Direct Login plugin <= 1.7.6...
4.8CVSS
5.4AI Score
0.0004EPSS
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2023-21930 ...
9.1CVSS
7.9AI Score
0.002EPSS
Summary Multiple vulnerabilities have been identified in batik-all-1.7.jar, batik-dom-1.7.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs....
9.8CVSS
6.9AI Score
0.043EPSS
Security Bulletin: IBM SDK, Java Technology Edition, Security Update August 2023
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8* that is used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates up to August 2023. IBM 8 SR8 FP5 (1.8.0_371). Vulnerability Details ** CVEID: CVE-2022-40609 ...
9.8CVSS
7.5AI Score
0.003EPSS
Summary Multiple vulnerabilities were disclosed in the Oracle April 2023 Quarterly CPU Update. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an...
9.1CVSS
8AI Score
0.002EPSS
Summary When WebSphere Application Server traditional is used with the optionally installed Web Server Plug-ins component, the lack of hostname verification with the Web Plugins could allow an authenticated attacker to conduct spoofing attacks. A man in the middle attacker could conduct an exploit....
5.3CVSS
6.3AI Score
0.001EPSS
Summary Multiple vulnerabilities have been identified in ant-1.8.2.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details **...
7.5CVSS
6.8AI Score
0.026EPSS
Summary Multiple vulnerabilities have been identified in IBM Java which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...
9.1CVSS
8AI Score
0.002EPSS
Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition
Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their July 2023 Critical Patch Update. For more information please refer to Oracle's July 2023 CPU Advisory and the X-Force database entries referenced below. Vulnerability Details ** CVEID: CVE-2023-22045 ...
3.7CVSS
4.9AI Score
0.001EPSS
Summary IBM Sterling Connect:Direct Browser User Interface uses IBM® Runtime Environment Java™ Versions 8.0 which has a remote code execution vulnerability. IBM Sterling Connect:Direct Browser User Interface has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2022-40609 ...
9.8CVSS
9.4AI Score
0.003EPSS
Summary There are multiple vulnerabilities in IBM® Semeru Runtime Version 11 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An...
9.1CVSS
10.1AI Score
EPSS
Summary IBM Sterling Connect:Direct Web Services uses IBM® Runtime Environment Java™ Versions which has a remote code execution vulnerability. IBM Sterling Connect:Direct Web Services has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2022-40609 DESCRIPTION: **IBM SDK, Java...
9.8CVSS
9.4AI Score
0.003EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition in version 8, that is used by IBM Tivoli Composite Application Manager for Transactions - Robotic Response Time. An update has been released to address the vulnerability. Vulnerability Details CVEID: CVE-2022-40609...
9.8CVSS
7.5AI Score
0.003EPSS
Summary WebSphere Application Server and IBM WebSphere Application Server Liberty is shipped as a component of IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM). Information about a security vulnerability affecting WebSphere Application Server and IBM WebSphere Application Server Liberty has....
6.4AI Score
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SuiteDash :: ONE Dashboard® Client Portal : SuiteDash Direct Login plugin <= 1.7.6...
5.9CVSS
5.5AI Score
0.0004EPSS
Summary There are vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 8** for Java deserialization filters (JEP 290) ignored during IBM ORB deserialization that are used by Rational Software Architect Designer and Rational Software Architect Designer for Websphere Software. These issues....
9.8CVSS
7.4AI Score
0.003EPSS
Hive Pro Celebrates Remarkable Milestones in Securicom MSSP Partnership
HERNDON, VA., Sept. 13, 2023 - Hive Pro®, a pioneer vendor in Threat Exposure Management, is thrilled to announce significant achievements in its collaboration with Securicom, a customer-centric Global Managed IT Security Services Provider (MSSP). This partnership marks a crucial step forward in...
6.5AI Score
Summary WebSphere Application Server and Websphere Liberty is shipped as a component of IBM Security Key Lifecycle Manager (SKLM/GKLM). Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the...
9.8CVSS
6.3AI Score
0.003EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9...
6.1CVSS
6AI Score
0.0005EPSS
Summary All applicable Java SE CVEs published by Oracle as part of their April 2023 Critical Patch Update, plus CVE-2023-2597. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Requirements Quality...
9.1CVSS
6.3AI Score
0.001EPSS
HERNDON, Va., Sept. 7, 2023 - Hive Pro®, a pioneer vendor of Threat Exposure Management is now featured in two prominent Gartner publications that spotlight industry leaders and innovators: The Market Guide™ for Vulnerability Assessment (2023) and The Hype Cycle for Security Operations (2023). As.....
7AI Score
Surviving the 800 Gbps Storm: Gain Insights from Gcore's 2023 DDoS Attack Statistics
Gcore Radar is a quarterly report prepared by Gcore that provides insights into the current state of the DDoS protection market and cybersecurity trends. This report offers you an understanding of the evolving threat landscape and highlights the measures required to protect against attacks...
9.1AI Score
Accusoft ImageGear tif_parse_sub_IFD use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1830 Accusoft ImageGear tif_parse_sub_IFD use-after-free vulnerability September 25, 2023 CVE Number CVE-2023-39453 SUMMARY A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially crafted malformed...
9.8CVSS
9.2AI Score
0.001EPSS
Summary Websphere Application Server (WAS) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section....
6.5AI Score
Summary Websphere Application Server (WAS) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section....
9.8CVSS
6.3AI Score
0.003EPSS
Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime
Summary This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their July 2023 Vulnerability Advisory. For more information please refer to OpenJDK's July 2023 Vulnerability Advisory and the X-Force database entries referenced below. Vulnerability Details ** CVEID:...
3.7CVSS
5.7AI Score
0.001EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Pavilion8 Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to retrieve other...
8.8CVSS
6.9AI Score
0.0004EPSS
Summary Multiple vulnerabilities have been identified in IBM Java which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...
5.9CVSS
6.3AI Score
0.001EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9...
6.1CVSS
6.3AI Score
0.0005EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9...
7.1CVSS
6AI Score
0.0005EPSS
Summary A vulnerability exists in IBM® Runtime Environment Java™ Versions 8, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-21967 ...
5.9CVSS
7.7AI Score
0.001EPSS
From Caribbean shores to your devices: analyzing Cuba ransomware
Introduction Knowledge is our best weapon in the fight against cybercrime. An understanding of how various gangs operate and what tools they use helps build competent defenses and investigate incidents. This report takes a close look at the history of the Cuba group, and their attack tactics,...
10CVSS
10.5AI Score
EPSS
Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to an attacker executing arbitrary code due to an unsafe deserialization flaw as described in the vulnerability details section. The vulnerability is fixed by applying an IBM i Group PTF for...
9.8CVSS
7.3AI Score
0.003EPSS
Cloud storage security: What’s new in the threat matrix
Today, we announce the release of a second version of the threat matrix for storage services, a structured tool that assists in identifying and analyzing potential security threats on data stored in cloud storage services. The matrix, first released in April 2021 as detailed in the blog post...
6.7AI Score
Patch Tuesday - September 2023
Microsoft is addressing 65 vulnerabilities this September Patch Tuesday, including two zero-day vulnerabilities, as well as four critical remote code execution (RCE) vulnerabilities, and six republished third-party vulnerabilities. Word: zero-day NTLM hash disclosure Microsoft Word receives a...
9.8CVSS
9.3AI Score
0.915EPSS