Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by Host On-Demand. Host On-Demand has provided a fix for the applicable CVEs. This issue was disclosed as part of the IBM Java SDK and Runtime Environment updates in CVE-2023-30441. Vulnerability Details ** CVEID:...
7.5CVSS
5.9AI Score
0.002EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java...
9.1CVSS
7.2AI Score
0.001EPSS
Security Bulletin: IBM® Db2® on Windows is vulnerable to privilege escalation. (CVE-2023-27558)
Summary IBM® Db2® on Windows is vulnerable to privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service.....
8.4CVSS
6.5AI Score
0.0004EPSS
Microsoft Defender Experts for XDR helps triage, investigate, and respond to cyberthreats
It has been an eventful time since the introduction of Microsoft Security Experts.1 We launched Defender Experts for Hunting, our first-party managed threat hunting service for customers who want Microsoft to help them proactively hunt threats across endpoints, Microsoft Office 365, cloud...
6.7AI Score
Summary IBM® Db2® with Federated configuration is vulnerable to arbitrary code execution as Db2 instance owner. Vulnerability Details ** CVEID: CVE-2023-35012 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) with a Federated configuration is vulnerable to a...
6.7CVSS
7.7AI Score
0.0004EPSS
Cisco IOS Software H.323 Denial of Service Vulnerabilities
The H.323 implementation in Cisco IOS® Software contains two vulnerabilities that may be exploited remotely to cause a denial of service (DoS) condition on a device that is running a vulnerable version of Cisco IOS Software. Cisco has released software updates that address these...
7AI Score
0.001EPSS
Who and What is Behind the Malware Proxy Service SocksEscort?
Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service...
7.1AI Score
Summary IBM® Db2® JDBC driver is vulnerable to multiple remote code execution issues. These vulnerabilties are addressed. Vulnerability Details ** CVEID: CVE-2023-27869 DESCRIPTION: **IBM Db2 JDBC Driver could allow a remote authenticated attacker to execute arbitrary code on the system, caused...
8.8CVSS
8.2AI Score
0.002EPSS
Summary IBM® Db2® federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. Vulnerability Details ** CVEID: CVE-2023-30442 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) federated...
7.5CVSS
6.2AI Score
0.001EPSS
Threat Actors Exploiting Ivanti EPMM Vulnerabilities
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) are releasing this joint Cybersecurity Advisory (CSA) in response to active exploitation of CVE-2023-35078 and CVE-2023-35081. Advanced persistent threat (APT) actors...
9.8CVSS
10.2AI Score
EPSS
Summary The IBM® Engineering System Design Rhapsody 9.0.1 iFix005 contains fix for CVE-2015-0250, CVE-2018-8013, CVE-2017-5662 batik-dom-1.7.jar which is identified as a vulnerability during OSS scan. This version contains upgraded vresion of batik-dom to batik-dom-1.16.jar Vulnerability Details...
9.8CVSS
6.6AI Score
0.043EPSS
8.8CVSS
7.1AI Score
0.143EPSS
Summary The IBM® Engineering System Design Rhapsody 9.0.1 iFix005 contains fix for CVE-2022-40146, CVE-2022-38648, CVE-2022-38398 batik-bridge-1.7.jar which is identified as a vulnerability during OSS scan. This version contains upgraded vresion of barik-bridge to batik-bridge-1.16.jar .jar...
7.5CVSS
6.5AI Score
0.003EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8.0 and Eclipse Openj9. IBM Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An unspecified vulnerability in Oracle...
9.1CVSS
8.5AI Score
0.002EPSS
Summary IBM WebSphere Application Server Liberty are vulnerable to spoofing via the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed....
5.3CVSS
6.5AI Score
0.001EPSS
Summary Vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty when the feature mpGraphQL-1.0 or mpGraphQL-2.0 is enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz...
7.5CVSS
6.5AI Score
0.001EPSS
Summary IBM WebSphere Application Server Liberty are vulnerable to spoofing via the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed....
5.3CVSS
6.5AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details ** CVEID: CVE-2022-21426 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to...
5.9CVSS
6.4AI Score
0.001EPSS
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2023. Vulnerability Details ** CVEID: CVE-2023-21967 DESCRIPTION: **An...
5.9CVSS
7.7AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION:.....
9.1CVSS
8AI Score
0.002EPSS
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. The CVE(s) listed in this document might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVE(s). If...
9.1CVSS
7.9AI Score
0.002EPSS
CentOS Update for cups CESA-2009:0428 centos3 i386
The remote host is missing an update for...
7.6AI Score
0.018EPSS
CentOS Update for cups CESA-2009:0308 centos3 i386
The remote host is missing an update for...
7.6AI Score
0.85EPSS
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. Vulnerability Details ** CVEID: CVE-2022-41721 DESCRIPTION: **Golang Go is vulnerable to HTTP request smuggling,.....
9.8CVSS
9.4AI Score
0.972EPSS
CentOS Update for cups CESA-2009:0429 centos4 i386
The remote host is missing an update for...
7.9AI Score
0.239EPSS
CentOS Update for cups CESA-2009:0429 centos5 i386
The remote host is missing an update for...
7.9AI Score
0.239EPSS
Microsoft Inspire: Partner resources to prepare for the future of security with AI
Cybersecurity is one of the most pressing challenges of our time. With an ever-changing threat landscape and siloed data across multiple security point solutions, defenders have limited visibility. It’s difficult to stay current and find cybersecurity professionals amid the global talent shortage.....
6.7AI Score
Summary CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938 and CVE-2023-2597 may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVEs. Vulnerability Details...
9.1CVSS
7.8AI Score
0.002EPSS
Summary CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938 and CVE-2023-2597 may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Vulnerability Details...
9.1CVSS
7.8AI Score
0.002EPSS
Malwarebytes stops 100% of Advanced Threats in latest AV-Test assessment
AV-TEST, a leading independent tester of cybersecurity solutions, has just given Malwarebytes two Advanced awards for the ability of our consumer and business products to protect against the latest attack techniques. Let's take a deeper dive into the test and the results. Advanced Threat...
6.8AI Score
Summary Websphere Application Server (WAS) is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section....
6.5AI Score
Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM® Java SDK...
6.6AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 17, 2023 to July 23, 2023)
Last week, there were 62 vulnerabilities disclosed in 1035 WordPress Plugins and 90 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities....
8.8CVSS
8.4AI Score
EPSS
Beyond File Search: A Novel Method
Beyond File Search: A Novel Method for Exploiting the "search-ms" URI Protocol Handler By Mathanraj Thangaraju and Sijo Jacob · July 26, 2023 Threat Summary In the ever-evolving landscape of cyber threats, malware authors continuously explore new avenues to exploit unsuspecting users. The Windows.....
8.6AI Score
0.961EPSS
Beyond File Search: A Novel Method
Beyond File Search: A Novel Method for Exploiting the "search-ms" URI Protocol Handler By Mathanraj Thangaraju and Sijo Jacob · July 26, 2023 Threat Summary In the ever-evolving landscape of cyber threats, malware authors continuously explore new avenues to exploit unsuspecting users. The Windows.....
7.8AI Score
0.961EPSS
Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime
Summary This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their January 2023 Vulnerability Advisory, plus CVE-2022-4304. For more information please refer to OpenJDK's January 2023 Vulnerability Advisory and the X-Force database entries referenced below....
5.9CVSS
5.5AI Score
0.002EPSS
Summary Information about security vulnerabilities affecting IBM DB2 has been published in security bulletins. IBM Security Verify Governance, Identity Manager virtual appliance component ships with IBM DB2. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes...
9.8CVSS
8.2AI Score
0.003EPSS
Meet unprecedented security challenges by leveraging MXDR services
We know customers of every size face ever-increasing security risks. In just the last 12 months the speed of attackers leveraging breaches is also increasing, as it only takes 72 minutes on average for an attacker to access private data from the time a user falls victim to a phishing email.1 Data.....
6.8AI Score
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. IBM Sterling Connect:Direct Web Services has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An unspecified vulnerability in Oracle Java SE, Oracle GraalVM...
9.1CVSS
8AI Score
0.002EPSS
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s).....
6.4AI Score
Security Bulletin: IBM Db2® Graph is vulnerable to deserialization due to Snakeyaml CVE-2022-1471
Summary Snakeyaml open source library used by IBM Db2® Graph is affected by vulnerability CVE-2022-1471 . The fix updates Snakeyaml to 2.0 Vulnerability Details ** CVEID: CVE-2022-1471 DESCRIPTION: **SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system,...
9.8CVSS
7.4AI Score
0.022EPSS
Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects TPF Toolkit
Summary A vulnerability in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ that is used by TPF Toolkit has been addressed. Vulnerability Details ** CVEID: CVE-2023-21967 DESCRIPTION: **An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related...
5.9CVSS
6.1AI Score
0.001EPSS
Summary CVE-2022-21426 may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2022-21426 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could...
5.3CVSS
7.9AI Score
0.001EPSS
Summary CVE-2022-21426 may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVE. Vulnerability Details ** CVEID: CVE-2022-21426 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could...
5.3CVSS
6AI Score
0.001EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in Apr 2023. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An unspecified vulnerability in...
9.1CVSS
8.1AI Score
0.002EPSS
Summary CVE-2023-21830 and CVE-2023-21843 may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-21830 DESCRIPTION: **An unspecified vulnerability in Java SE related to the...
5.3CVSS
4.8AI Score
0.001EPSS
Summary CVE-2023-21830 and CVE-2023-21843 may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-21830 DESCRIPTION: **An unspecified vulnerability in Java SE related to the...
5.3CVSS
4.8AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6, 8 and IBM® Runtime Environment Java™ Technology Edition, Versions 6, 8 used by IBM Tivoli Netcool Configuration Manager. These issues were disclosed as part of the IBM Java SDK updates in October 2018. ...
5.6CVSS
0.8AI Score
0.003EPSS
Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager versions 3.9 and 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has...
7.4CVSS
1.5AI Score
0.003EPSS
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the...
7.5CVSS
1.3AI Score
0.004EPSS