Intel® Security Vulnerabilities

Hive Pro Unveils Revolutionary Platform Uni5 Xposure, Elevating the Potential of Threat Exposure Management

HERNDON, VA., Oct. 10, 2023 - Hive Pro®, a pioneer vendor in Threat Exposure Management today announced the highly-anticipated release of their new platform Uni5 Xposure, which debuts live at the GITEX GLOBAL trade show in Dubai, UAE and at Triangle InfoSec Conference in North Carolina, USA. Uni5.....

CVE-2020-13896

The web interface of Maipu MP1800X-50 7.5.3.14® devices allows remote attackers to obtain sensitive information via the form/formDeviceVerGet URI, such as system id, hardware model, hardware version, bootloader version, software version, software image file, compilation time, and system uptime....

Security Bulletin: Due to use of IBM® SDK Java™ Technology Edition, IBM Workload Scheduler is vulnerable to an unspecified vulnerability.

Summary IBM® SDK Java™ Technology Edition is used by IBM Workload Scheduler. (CVE-2023-21830, CVE-2023-21843) Vulnerability Details ** CVEID: CVE-2023-21830 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization component could allow a remote attacker to cause a...

Improper access control

Improper access control in the Intel® DTT Software before version 8.7.10400.15482 may allow an authenticated user to potentially enable escalation of privilege via local...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An unspecified vulnerability in Oracle Java SE,...

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22476)

Summary IBM WebSphere Application Server Liberty and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. This affects The IBM® Engineering Lifecycle Engineering product using WebSphere Application Server Liberty versions 22.0.0.7 and prior......

CVE-2022-29470

Improper access control in the Intel® DTT Software before version 8.7.10400.15482 may allow an authenticated user to potentially enable escalation of privilege via local...

CVE-2022-29470

Improper access control in the Intel® DTT Software before version 8.7.10400.15482 may allow an authenticated user to potentially enable escalation of privilege via local...

CVE-2022-29470

Improper access control in the Intel® DTT Software before version 8.7.10400.15482 may allow an authenticated user to potentially enable escalation of privilege via local...

Microsoft 365 Defender demonstrates 100 percent protection coverage in the 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise

For the fifth consecutive year, Microsoft 365 Defender demonstrated industry-leading extended detection and response (XDR) capabilities in the independent MITRE Engenuity ATT&CK® Evaluations: Enterprise. The attack used during the test highlights the importance of a unified XDR platform and...

Microsoft 365 Defender demonstrates 100 percent protection coverage in the 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise

For the fifth consecutive year, Microsoft 365 Defender demonstrated industry-leading extended detection and response (XDR) capabilities in the independent MITRE Engenuity ATT&CK® Evaluations: Enterprise. The attack used during the test highlights the importance of a unified XDR platform and...

AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or prior

...

Security Bulletin: Vulnerabilities in IBM DB2 affects IBM Application Performance Management products.

Summary IBM DB2 is used by IBM Application Performance Management. Vulnerability Details ** CVEID: CVE-2022-43929 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676....

Security Bulletin: Vulnerabilities in IBM DB2 affects IBM Application Performance Management products.

Summary IBM DB2 is used by IBM Application Performance Management. Vulnerability Details ** CVEID: CVE-2023-29257 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one...

Security Bulletin: Vulnerabilities in IBM DB2 affects IBM Application Performance Management.

Summary IBM DB2 is used by IBM Application Performance Management. Vulnerability Details ** CVEID: CVE-2023-30447 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain...

AutoDesk: CVE-2022-41303 use-after-free vulnerability in Autodesk® FBX® SDK 2020 or prior

...

NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations

A plea for network defenders and software manufacturers to fix common problems. EXECUTIVE SUMMARY The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint cybersecurity advisory (CSA) to highlight the most common cybersecurity...

Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities (CVE-2023-21939, CVE-2023-21967, CVE-2022-29117, XFID: 234366)

Summary There are vulnerabilities in IBM® Semeru Java™ Version 11 used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.4 Fix Pack 1 IF19 has addressed the applicable CVEs by upgrading to IBM® Semeru JRE 11.0.19.0 (CVE-2023-21939, CVE-2023-21967). The following 3rd party components...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION:.....

Rapid7 Delivers Visibility Across All 19 Steps of Attack in 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise

Over seven years ago, we set out to change the way that SOCs approach threat detection and response. With the introduction of InsightIDR, we wanted to address the false positives and snowballing complexity that was burning out analysts, deteriorating security posture, and inhibiting necessary...

Hive Pro Partners with Tech Titan to Fortify Cybersecurity Landscape in Southeast Asia

HERNDON, VA., Sept. 26, 2023 - Hive Pro®, a pioneer vendor in Threat Exposure Management, is thrilled to announce a strategic partnership with Tech Titan Group, a leading IT Solutions Provider renowned for its innovation-driven approach and dedication to addressing evolving customer needs across...

People's Republic of China-Linked Cyber Actors Hide in Router Firmware

Executive Summary The United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japan National Police Agency (NPA), and the Japan National Center of Incident Readiness and Strategy for...

Cross site scripting

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SuiteDash :: ONE Dashboard® Client Portal : SuiteDash Direct Login plugin <= 1.7.6...

Security Bulletin: Vulnerability found in velocity-1.7.jar which is shipped with IBM® Intelligent Operations Center [CVE-2020-13936]

Summary Vulnerability have been identified in velocity-1.7.jar which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. [CVE-2020-13936] Vulnerability Details...

Security Bulletin: Security vulnerabilities identified in IBM DB2 used by IBM Security Verify Governance - Identity Manager

Summary IBM Security Verify Governance - Identity Manager supports IBM DB2 database. See this security bulletin for information about multiple vulnerabilities affecting IBM DB2. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and...

Security Bulletin: Vulnerabilities found in poi-3.9.jar which is shipped with IBM® Intelligent Operations Center [CVE-2017-12626 and X-Force ID: 220800]

Summary Multiple vulnerabilities have been identified in poi-3.9.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published which addressed the applicable CVE 2017-1262 and X-Force ID:...

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM® SDK, Java™ Technology Edition is affected by multiple vulnerabilities (CVE-2023-22045, CVE-2023-22049)

Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their July 2023 Critical Patch Update. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Test...

Security Bulletin: Multiple security vulnerabilities Affect IBM Db2 Database Server shipped with IBM OpenPages

Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletin(s) listed in the...

Security Bulletin: Vulnerability found in commons-codec-1.5.jar which is shipped with IBM® Intelligent Operations Center(177835)

Summary Vulnerability have been identified in commons-codec-1.5.jar which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** IBM...

Security Bulletin: A vulnerability found in IBM Java which is shipped with IBM® Intelligent Operations Center(CVE-2023-30441)

Summary A vulnerability have been identified in IBM Java which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...

Security Bulletin: A vulnerability found in IBM Java which is shipped with IBM® Intelligent Operations Center(CVE-2022-21426)

Summary A vulnerability have been identified in IBM Java which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...

Security Bulletin: Vulnerability found in fontbox-1.8.1.jarr which is shipped with IBM® Intelligent Operations Center(CVE-2018-8036)

Summary Vulnerability have been identified in fontbox-1.8.1.jar which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...

Security Bulletin: A Vulnerability found in IBM Java which is shipped with IBM® Intelligent Operations Center(CVE-2022-3676)

Summary A vulnerability have been identified in IBM Java which is shipped with IBM® Intelligent Operations Center. Information about this vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...

Security Bulletin: Vulnerability found in dom4j-1.6.1.jar which is shipped with IBM® Intelligent Operations Center(CVE-2018-1000632)

Summary Vulnerability have been identified in dom4j-1.6.1.jar which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...

Security Bulletin: A vulnerability found in IBM Java which is shipped with IBM® Intelligent Operations Center(CVE-2022-40609)

Summary A vulnerability have been identified in IBM Java which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...

Security Bulletin: Vulnerability found in dom4j-1.6.1.jar which is shipped with IBM® Intelligent Operations Center(CVE-2020-10683)

Summary Vulnerability have been identified in dom4j-1.6.1.jar which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...

Security Bulletin: Vulnerability found in fop-1.1.jar which is shipped with IBM® Intelligent Operations Center(CVE-2017-5661)

Summary Vulnerability have been identified in fop-1.1.jar which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Service Registry and Repository due to July 2023 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in July 2023. These issues are addressed by WebSphere Application Server shipped with WebSphere...

Security Bulletin: Vulnerability found in cxf-core-3.5.4.jar which is shipped with IBM® Intelligent Operations Center(CVE-2022-46364)

Summary Vulnerability have been identified in cxf-core-3.5.4.jar which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...

Security Bulletin: Vulnerability found in commons-net-1.4.1.jar which is shipped with IBM® Intelligent Operations Center(CVE-2021-37533)

Summary Vulnerability have been identified in commons-net-1.4.1.jar which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...

Security Bulletin:Multiple Vulnerabilities found in Turf.js which is shipped with IBM® Intelligent Operations Center(CVE-2020-15168, CVE-2022-0235)

Summary Multiple vulnerabilities have been identified in Turf.js which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...

Security Bulletin: Vulnerability found in commons-io-1.3.1.jar which is shipped with IBM® Intelligent Operations Center(CVE-2021-29425)

Summary Vulnerability have been identified in commons-io-1.3.1.jar which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...

Security Bulletin: Vulnerability found in xmlgraphics-commons-1.5.jar which is shipped with IBM® Intelligent Operations Center(CVE-2020-11988)

Summary Vulnerability have been identified in xmlgraphics-commons-1.5.jar which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details **...

Security Bulletin:Multiple Vulnerabilities found in Turf.js which is shipped with IBM® Intelligent Operations Center(CVE-2021-44906, CVE-2020-7598)

Summary Multiple vulnerabilities have been identified in Turf.js which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...

Security Bulletin: A security vulnerability has been identified in IBM® SDK, Java™ Technology Edition shipped with IBM Tivoli Business Service Manager (CVE-2022-40609)

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s)...

Security Bulletin: Vulnerabilities found in jackson-mapper-asl which is shipped with IBM® Intelligent Operations Center(CVE-2019-10172, CVE-2019-10202)

Summary Multiple vulnerabilities have been identified in jackson-mapper-asl which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details **....

Security Bulletin: Vulnerability found in Turf.js which is shipped with IBM® Intelligent Operations Center(CVE-2021-3807)

Summary Multiple vulnerabilities have been identified in Turf.js which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...

Security Bulletin: Vulnerabilities found in Turf.js which is shipped with IBM® Intelligent Operations Center [CVE-2020-28500, CVE-2020-8203, CVE-2019-1010266, CVE-2019-10744, CVE-2021-23337 and CVE-2018-16487]

Summary Multiple vulnerabilities have been identified in Turf.js which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...

Security Bulletin: A vulnerability found in IBM WebSphere Application Server Liberty which is shipped with IBM® Intelligent Operations Center(CVE-2023-24998)

Summary A vulnerabilitiy has been identified in IBM WebSphere Application Server Liberty which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability.....

Security Bulletin: Multiple vulnerabilities found in IBM Java which is shipped with IBM® Intelligent Operations Center(CVE-2023-21830, CVE-2023-21843)

Summary Multiple vulnerabilities have been identified in IBM Java which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details ** CVEID:...