Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager IP Edition versions 3.9 and 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about security vulnerabilities affecting IBM WebSphere...
1.3AI Score
Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager IP Edition versions 3.9 and 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about security vulnerabilities affecting IBM WebSphere...
7.8CVSS
0.6AI Score
0.002EPSS
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security...
7.5CVSS
1.5AI Score
0.004EPSS
Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8.0.7.20 and earlier, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and...
5.3CVSS
6.3AI Score
0.001EPSS
Security Bulletin: NVIDIA CUDA Toolkit - June 2023
NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. This update addresses security issues that may lead to partial denial of service. To protect your system, download and install this software update from the CUDA Toolkit Downloads page. Go to NVIDIA Product Security. Details....
3.3CVSS
6.3AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...
6.8AI Score
Summary Vulnerabilities (CVE-2023-21830, CVE-2023-21843) exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected...
5.3CVSS
6.3AI Score
0.001EPSS
7.8CVSS
7.1AI Score
0.006EPSS
(RHSA-2023:3943) Moderate: ACS 4.1 enhancement and security update
The release of ACS 4.1 provides these changes: Security Fix(es): golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191) net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723) golang: net/http, net/textproto: denial of service from...
7.2AI Score
0.024EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6, 7, 8 and IBM® Runtime Environment Java™ Technology Edition, Versions 6, 7, 8 used by IBM Tivoli Netcool Configuration Manager. These issues were disclosed as part of the IBM Java SDK updates in October...
6.2CVSS
0.7AI Score
0.001EPSS
Summary IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE components could expose sensitive information using a combination of flaws and configurations within WebSphere Application Server used by Master Data Management. Vulnerability Details ** CVEID: CVE-2023-30441 ...
7.5CVSS
5.9AI Score
0.002EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6, 8 and IBM® Runtime Environment Java™ Technology Edition, Versions 6, 8 used by IBM Tivoli Netcool Configuration Manager. These issues were disclosed as part of the IBM Java SDK updates in April 2018. ...
7.4CVSS
1.3AI Score
0.003EPSS
Summary IBM® SDK Java™ Technology Edition is shipped as a component of IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable issue, CVE-2022-21426. Vulnerability Details ** CVEID: CVE-2022-21426 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP.....
5.3CVSS
4.9AI Score
0.001EPSS
Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
SUMMARY Update September 6, 2023: This Cybersecurity Advisory has been updated with new tactics, techniques, and procedures (TTPs) as well as indicators of compromise (IOCs) received from an additional victim and trusted third parties. Update End The Cybersecurity and Infrastructure Security...
9.8CVSS
8.9AI Score
0.965EPSS
Cross site request forgery (csrf)
The తెల�గ� బైబిల� వచనమ�ల� WordPress plugin through 1.0 is lacking any CSRF check when saving its settings and verses, and do not sanitise or escape them when outputting them back in the page. This could allow attackers to make a logged in admin change the...
6.1CVSS
6AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6, 8 and IBM® Runtime Environment Java™ Technology Edition, Versions 6, 8 used by IBM Tivoli Netcool Configuration Manager. These issues were disclosed as part of the IBM Java SDK updates in July 2018. ...
4.3CVSS
0.7AI Score
0.003EPSS
Summary IBM® SDK Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. IBM Tivoli Business Service Manager has addressed the applicable issue, CVE-2022-21426. Vulnerability Details ** CVEID: CVE-2022-21426 DESCRIPTION: **An unspecified vulnerability in Java SE.....
5.3CVSS
6AI Score
0.001EPSS
Summary IBM OpenPages with Watson has addressed sensitive information exposure vulnerability caused by CVE-2023-30441. There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM OpenPages with Watson. The CVE(s) listed in this document might affect some...
7.5CVSS
6.2AI Score
0.002EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6, 7, 8 and IBM® Runtime Environment Java™ Technology Edition, Versions 6, 7, 8 used by IBM Tivoli Netcool Configuration Manager. These issues were disclosed as part of the IBM Java SDK updates in January...
8.3CVSS
1.3AI Score
0.004EPSS
Summary IBM® SDK Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. IBM Tivoli Business Service Manager has addressed the applicable issues: CVE-2023-21830, CVE-2023-21843. Vulnerability Details ** CVEID: CVE-2023-21830 DESCRIPTION: **An unspecified...
5.3CVSS
4.9AI Score
0.001EPSS
Summary IBM® SDK Java™ Technology Edition is shipped as a component of IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable issues: CVE-2023-21830, CVE-2023-21843. Vulnerability Details ** CVEID: CVE-2023-21830 DESCRIPTION: **An unspecified vulnerability in Java SE...
5.3CVSS
4.9AI Score
0.001EPSS
Summary IBM has released the following fix for IBM Db2® Warehouse in response to multiple vulnerabilities found in IBM Db2®. Vulnerability Details ** CVEID: CVE-2023-29257 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote.....
7.5CVSS
10AI Score
0.004EPSS
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their April 2023 Critical Patch Update, plus CVE-2023-2597. For more information please refer to Oracle's April 2023 CPU Advisory and the X-Force database entries referenced below. Vulnerability Details **...
9.1CVSS
7.7AI Score
0.002EPSS
Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. The fix updates the Java Runtime Environment to resolve the following vulnerabilities. Vulnerability Details ** CVEID: CVE-2022-21426 DESCRIPTION: **An...
9.1CVSS
8AI Score
0.002EPSS
Overview Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing. Description The Bluetooth Core Specification and Mesh Profile Specification are...
8.8CVSS
6.5AI Score
0.001EPSS
Summary There was a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVE. This issue was disclosed as part of the Java Technology Edition...
5.3CVSS
6AI Score
0.001EPSS
Intel 2023.1 IPU – BIOS February 2023 Security Updates
Intel has informed HP of potential vulnerabilities identified in some Intel® Processors with Intel® Software Guard Extensions (SGX) that might allow information disclosure and potential vulnerabilities in the BIOS firmware and Intel® Trusted Execution Technology (TXT) Secure Initialization (SINIT)....
8.2CVSS
1.9AI Score
0.0004EPSS
Summary There was a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVE. This issue was disclosed as part of the IBM Java XML vulnerability...
5.3CVSS
5.9AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities).....
6.6AI Score
Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM® Java SDK...
10AI Score
7.1AI Score
NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, Jetson TX1, Jetson TX2 series (including Jetson TX2 NX), and Jetson Nano™ devices (including Jetson Nano 2GB) in the NVIDIA JetPack™ software development kit (SDK). The update addresses security issues.....
7.1CVSS
6.9AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Service Tester. Rational Service Tester has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2022-21628 DESCRIPTION:...
5.3CVSS
6.6AI Score
0.002EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Performance Tester. Rational Performance Tester has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2022-21628 ...
5.3CVSS
6.6AI Score
0.002EPSS
Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021,...
9.8CVSS
9.3AI Score
0.002EPSS
AutoDesk: CVE-2023-27910 stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior
...
7.8CVSS
7.8AI Score
0.001EPSS
Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021,...
9.8CVSS
9.4AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM® DB2, which is a core component used by IBM Operations Analytics Predictive Insights 1.3.6 and earlier. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs (CVE-2023-29257, CVE-2023-26021, CVE-2023-26022, CVE-2023-27559,.....
7.5CVSS
7.8AI Score
0.003EPSS
Increased Truebot Activity Infects U.S. and Canada Based Networks
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) are releasing this joint Cybersecurity Advisory (CSA) in response to.....
9.8CVSS
10AI Score
0.969EPSS
Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021,...
9.8CVSS
9.3AI Score
0.002EPSS
Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021,...
9.8CVSS
8.2AI Score
0.002EPSS
Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021,...
9.8CVSS
9.4AI Score
0.001EPSS
Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021,...
9.8CVSS
7.7AI Score
0.001EPSS
Security Bulletin: Multiple vulnerabilities in golang affect IBM Db2® REST
Summary IBM Db2® REST is affected by multiple vulnerabilities found in Golang. IBM has addressed the vulnerabilities. Vulnerability Details CVEID: CVE-2023-24540 DESCRIPTION: Go is vulnerable to HTML injection. A remote attacker could inject malicious HTML code into a template containing...
9.8CVSS
7.7AI Score
0.003EPSS
What are the impacts of FedRAMP® Rev. 5?
The FedRAMP PMO released the final Rev. 5 security control baselines and transition guidance for cloud service providers (CSPs) who have achieved authorization to operate (ATO) and those still in the planning stages. All CSPs should review the guidance as soon as possible and start developing a...
7AI Score
Summary There are multiple vulnerabilities in IBM® Semeru Runtime Certified Edition 11 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-21967 DESCRIPTION: **An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise.....
7.5CVSS
6.7AI Score
0.002EPSS
Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime
Summary This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their April 2023 Vulnerability Advisory, plus CVE-2023-25193 and CVE-2023-2597. For more information please refer to OpenJDK's April 2023 Vulnerability Advisory and the X-Force database entries referenced...
9.1CVSS
8AI Score
0.002EPSS
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...
7.4CVSS
6.4AI Score
0.002EPSS
Summary Multiple vulnerabilities have been reported for IBM® Java SDK and WebSphere Application Server Liberty profile, which are shipped with IBM Business Automation Workflow containers. Vulnerability Details ** CVEID: CVE-2023-21830 DESCRIPTION: **An unspecified vulnerability in Java SE related.....
7.5CVSS
6.9AI Score
0.034EPSS
Summary Multiple vulnerabilities exist in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition v4.2, which was included in the October 2022 Critical Patch Update. CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619 Vulnerability Details **....
5.3CVSS
6.4AI Score
0.002EPSS