Intel® Security Vulnerabilities

Intel® VCUST Tool Advisory

Summary: A potential security vulnerability in some Intel® VCUST Tool software may allow escalation of privilege. Intel is releasing a software update to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-25944 Description: Uncontrolled search path element in some...

Intel® DSA Software Advisory

Summary: A potential security vulnerability in the Intel® Driver and Support Assistant (DSA) software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-27515 Description: Cross-site scripting...

Intel® ITS Software Advisory

Summary: A potential security vulnerability in the Intel® Intelligent Test System (ITS) software may allow escalation of privilege. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® ITS software. Vulnerability...

Intel® NUC BIOS Firmware Advisory

Summary: Potential security vulnerabilities in some Intel® NUC BIOS firmware may allow escalation of privilege, information disclosure or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-32617 Description:...

Intel® SDP Tool Software Advisory

Summary: A potential security vulnerability in some Intel® Server Debug and Provisioning (SDP) Tool software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-31246 Description: Incorrect default.....

Intel® RST Software Installer Advisory

Summary: A potential security vulnerability in some Intel® Rapid Storage Technology (RST) software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-43456 Description: Uncontrolled search path in.....

Intel® Unison™ Software Advisory

Summary: Potential security vulnerabilities in some Intel® Unison™ software may allow escalation of privilege or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-25757 Description: Improper access...

Intel® Support Android App Advisory

Summary: A potential security vulnerability in the Intel® Support android application may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-27392 Description: Incorrect default permissions in the...

Intel® ArcTM Graphics Cards Advisory

Summary: Potential security vulnerabilities in some Intel® Arc™ Limited Edition graphics cards may allow denial of service or information disclosure. Intel is releasing prescriptive guidance to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-41984 Description:...

Intel® Manageability Commander Software Advisory

Summary: A potential security vulenrability in some Intel® Manageability Commander (Intel® MC) software may allow escalation of privileges. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-29887 Description: Cross-site Scripting...

Intel® Advanced Link Analyzer Advisory

Summary: A potential security vulnerability in some Intel® Advanced Link Analyzer Standard Edition software installers may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-27505 Description:...

Intel Unite® Android App Advisory

Summary: Potential security vulnerabilities in the Intel Unite® android application may allow information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-32609 Description: Improper access control in the Intel...

Intel® SSD Tools Software Advisory

Summary: Potential security vulnerabilities in some Intel® SSD Tools software may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-28736 Description: Buffer overflow in...

Intel® AI Hackathon Software Advisory

Summary: A potential security vulnerability in the Intel® AI Hackathon software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-28380 Description: Uncontrolled search path for the Intel(R) AI...

Intel® ISPC Software Installer Advisory

Summary: A potential security vulnerability in some Intel® Implicit SPMD Program Compiler (ISPC) software installers may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-27509 Description: Improper...

Intel® oneVPL GPU Runtime Advisory

Summary: Potential security vulnerabilities in some Intel® oneVPL GPU Runtime software may allow denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-22338 Description: Out-of-bounds read in some Intel(R) oneVPL.....

Intel® NUC Pro Software Suite Advisory

Summary: A potential security vulnerability in the Intel® NUC Pro Software Suite for Windows may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-28385 Description: Improper authorization in the...

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM Java versions 8.0.7.0 - 8.0.7.11 are vulnerable to crypto attacks. (CVE-2023-30441)

Summary IBM Java versions 8.0.7.0 - 8.0.7.1 has a combination of two flaws in the JSSE component and IBMJCEPlus security provider expose some IBM Java releases to various cryptographic attacks when acting as a TLS server. Following IBM® Engineering Lifecycle Engineering products are vulnerable to.....

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to spoofing - CVE-2022-39161

Summary IBM WebSphere Application Server Liberty are vulnerable to spoofing via the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed...

2023.3 IPU - Intel® Chipset Firmware Advisory

Summary: Potential security vulnerabilities in the Intel® Converged Security Management Engine (CSME), Active Management Technology (AMT) and Intel® Standard Manageability software may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these...

Intel® Ethernet Controllers and Adapters Advisory

Summary: A potential security vulnerability in some Intel® Ethernet Controllers and Adapters may allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-22276 Description: Race condition in firmware for some...

Intel® RealSense™ ID Software Advisory

Summary: Potential security vulnerabilities in some Intel® RealSense™ ID software for Intel® RealSense™ 450 Face Authentication (FA) may allow escalation of privilege, denial of service and/or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities......

Intel® PROSet/Wireless WiFi Software Advisory

Summary: A potential security vulnerability in some Intel® PROSet/Wireless WiFi software for Windows may allow escalation of privilege. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-28714 Description: Improper access control in....

Intel® Optimization for TensorFlow Software Advisory

Summary: A potential security vulnerability in the Intel® Optimization for TensorFlow software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-27506 Description: Improper buffer restrictions in.....

Intel® Easy Streaming Wizard Software Advisory

Summary: A potential security vulnerability in the Intel® Easy Streaming Wizard software may allow escalation of privilege. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for the Intel® Easy Streaming Wizard software....

Intel® Server Board BMC Video Driver Advisory

Summary: A potential security vulnerability in some Intel® Server Board BMC video drivers may allow escalation of privilege. Intel is releasing updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-34355 Description: Uncontrolled search path element for some...

Intel® Distribution of OpenVINO™ Toolkit Advisory

Summary: A potential security vulnerability in the Intel® Distribution of OpenVINO™ Toolkit may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-28405 Description: Uncontrolled search path in the...

Intel® Ethernet Controller RDMA Driver for Linux Advisory

Summary: A potential security vulnerability in the Intel® Ethernet Controller Remote Direct Memory Access (RDMA) driver for linux may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-25775...

MAVinci Desktop Software for Intel® Falcon 8+ Advisory

Summary: A potential security vulnerability in the MAVinci Desktop software for Intel® Falcon 8+ may allow escalation of privilege. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for MAVinci Desktop software for Intel® Falcon....

Intel® PROSet/Wireless WiFi and KillerTM WiFi Advisory

Summary: Potential security vulnerabilities in some Intel® PROSet/Wireless WiFi and Killer™ WiFi products may allow escalation of privilege or denial of service. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID:...

Intel® oneAPI Toolkit and Component Software Installers Advisory

Summary: Potential security vulnerabilities in some Intel® oneAPI Toolkit and component software installers may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-27391 Description: Improper...

Intel® NUC Kit and Mini PC BIOS Firmware Advisory

Summary: Potential security vulnerabilities in some Intel® NUC Kit and Mini PC BIOS firmware may allow escalation of privilege or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-37336 Description:...

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server traditional is vulnerable to an XML External Entity (XXE) Injection vulnerability - CVE-2023-27554

Summary IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. Following IBM® Engineering Lifecycle Engineering product....

Intel® Server Boards and Server System Firmware Update Utility Advisory

Summary: A potential security vulnerability in the System Firmware Update Utility for some Intel® Server Boards and Server System may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-22841...

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console - CVE-2023-24966

Summary IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Following IBM®...

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Apr 2023 - Includes Oracle April 2023 CPU is vulnerable to (CVE-2023-2597).

Summary All appicable Java SE CVEs published by Oracle as part of their April 2023 Critical Patch Update, plus CVE-2023-2597. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Test...

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities due to use of IBM® SDK Java™ Technology Edition, Version 8 (CVE-2023-21967, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937)

Summary IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities due to use of IBM® SDK Java™ Technology Edition, Version 8 (CVE-2023-21967, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937). The Java SDK is used by the TS7700 to provide the Management Interface, to perform cache.....

2023.3 IPU - BIOS Advisory

Summary: Potential security vulnerabilities in the BIOS firmware for some Intel® Processors may allow escalation of privilege, information disclosure or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-37343.....

Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology Vulnerabilities - Lenovo Support US

Lenovo Security Advisory: LEN-26293 Potential Impact: Privilege escalation, denial of service, information disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2019-0086 , CVE-2019-0089 , CVE-2019-0090 , CVE-2019-0091 , CVE-2019-0092 , CVE-2019-0093 , CVE-2019-0094 ,...

Hyperscan Library Advisory

Summary: A potential security vulnerability in the Hyperscan Library maintained by Intel® may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-28711 Description: Insufficient control flow management in the....

Security Bulletin: A security vulnerability has been identified in IBM DB2 shipped with IBM Intelligent Operations Center(CVEs - Remediation/Fixes)

Summary BM DB2 shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM DB2 has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions...

Security Bulletin: A vulnerability in IBM Java Runtime used by the IBM Installation Manager and IBM Packaging Utility

Summary There is a vulnerability in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVE and we recommend updating to the latest version to remediate....

Security Bulletin: The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology contains additional security fixes for X-Force ID 220800 and CVE-2017-12626

Summary Due to flaws in Apache POI, IBM® Engineering System Design Rhapsody is vulnerable to arbitrary code execution (X-Force ID 220800) and denial of service (CVE-2017-12626). Both vulnerabilities are fixed in v9.0.1 iFix005. Vulnerability Details ** CVEID: CVE-2017-12626 DESCRIPTION: **Apache...

New Microsoft Security innovations expand multicloud visibility and enhance multiplatform protection

With more than 90 percent of organizations adopting a multicloud strategy1 and cloud-based cyberattacks growing 48 percent year over year,2 securing multicloud and hybrid environments is more important than ever. To successfully protect multicloud infrastructure—where customers are utilizing two...

New Microsoft Security innovations expand multicloud visibility and enhance multiplatform protection

With more than 90 percent of organizations adopting a multicloud strategy1 and cloud-based cyberattacks growing 48 percent year over year,2 securing multicloud and hybrid environments is more important than ever. To successfully protect multicloud infrastructure—where customers are utilizing two...

MDR: Empowering Organizations with Enhanced Security

Managed Detection and Response (MDR) has emerged as a crucial solution for organizations looking to bolster their security measures. MDR allows businesses to outsource the management of Endpoint Detection and Response (EDR) products deployed across their network domain. With real-time...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Decision Optimization for IBM Cloud Private for Data (ICP4Data)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Decision Optimization for ICP4Data. IBM Decision Optimization for ICP4Data has addressed the applicable CVEs. Vulnerability Details If you run your own Java code using the IBM Java Runtime...

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin ( CVE-2023-30447, CVE-2023-30446, CVE-2023-30443, CVE-2023-30448, CVE-2023-30445, CVE-2023-30449, CVE-2023-23487, CVE-2023-30431,...

Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by Host On-Demand. Host On-Demand has provided a fix for the applicable CVE. The issue was disclosed as part of the IBM Java SDK and Runtime Environment update from part of Oracle's April 2023 Critical Patch Update......

How MDR Helps Solve the Cybersecurity Talent Gap

How do you overcome today's talent gap in cybersecurity? This is a crucial issue — particularly when you find executive leadership or the board asking pointed questions about your security team's ability to defend the organization against new and current threats. This is why many security leaders.....