Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in April 2023. These issues are also addressed by WebSphere Application Server shipped with WebSphere...
7.4 CVSS
6.3 AI Score
0.002 EPSS
Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8.0.7.0 - 8.0.7.11, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and...
7.5 CVSS
6.3 AI Score
0.002 EPSS
Summary A vulnerability (CVE-2022-3676) exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2. Vulnerability Details CVEID: CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security.....
6.5 CVSS
6.3 AI Score
0.001 EPSS
CVE-2023-0635 Privilege escalation to root
Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021,...
7.8 CVSS
9.6 AI Score
0.002 EPSS
CVE-2023-0636 Remote Code Execution via Command Injection
Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021,...
7.2 CVSS
9.7 AI Score
0.001 EPSS
It’s June, and it’s Patch Tuesday. The volume of fixes this month is typical compared with recent history: 94 in total (including Edge-on-Chromium). For the first time in a while, Microsoft isn’t offering patches for any zero-day vulnerabilities, but we do get fixes for four critical Remote Code...
9.8 CVSS
9.2 AI Score
0.89 EPSS
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. This product has addressed the applicable CVEs. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your...
5.3 CVSS
6.4 AI Score
0.001 EPSS
Summary IBM DB2 shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM DB2 has been published in a security bulletin. Vulnerability Details CVEID: CVE-2023-29257 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)...
7.5 CVSS
8 AI Score
0.003 EPSS
Summary IBM Virtualization Engine TS7700 is vulnerable to various cryptographic attacks due to use of IBM® SDK Java™ Technology Edition, Version 8 (CVE-2023-30441). The Java SDK is used by the TS7700 to provide the Management Interface, to perform cache management, and to provide Transparent Cloud....
7.5 CVSS
6.1 AI Score
0.002 EPSS
Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8.0.7.0 - 8.0.7.11, which is used by IBM Tivoli Network Manager IP Edition v4.2. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected...
7.5 CVSS
6.3 AI Score
0.002 EPSS
A Framework for Enhanced Security: Continuous Threat Exposure Management (CTEM)
If you're a cybersecurity professional, you're likely familiar with the sea of acronyms our industry is obsessed with. From CNAPP, to CWPP, to CIEM and all of the myriad others, there seems to be a new initialism born each day. In this article, we'll look at another trending acronym – CTEM, which.....
6.9 AI Score
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVEs. Vulnerability Details CVEID:...
5.3 CVSS
6.3 AI Score
0.001 EPSS
The Importance of Managing Your Data Security Posture
Data security is reinventing itself. As new data security posture management solutions come to market, organizations are increasingly recognizing the opportunity to provide evidence-based security that proves how their data is being protected. But what exactly is data security posture, and how do.....
7 AI Score
NVIDIA® GPU Display Driver March 2023 Security Update
NVIDIA has informed HP of potential security vulnerabilities identified in the NVIDIA® GPU Display Driver for Windows which might allow escalation of privilege, denial of service, and information disclosure. NVIDIA has released software updates to mitigate these vulnerabilities. NVIDIA has...
8.8 CVSS
6.3 AI Score
0.001 EPSS
Threat Actors Exploit Progress Telerik Vulnerabilities in Multiple U.S. Government IIS Servers
SUMMARY From November 2022 through early January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and authoring organizations identified the presence of indicators of compromise (IOCs) at a federal civilian executive branch (FCEB) agency. Analysts determined that multiple cyber...
9.8 CVSS
9.8 AI Score
0.965 EPSS
Summary Vulnerability in IBM® Runtime Environment Java™ Version 8 used by Cloud Pak System. Cloud Pak System has addressed vulnerability. [CVE-2023-30441] Vulnerability Details CVEID: CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0...
7.5 CVSS
5.9 AI Score
0.002 EPSS
CVE-2023-26215 TIBCO EBX® Add-ons Path Traversal
The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that allows an attacker with low-privileged application access to read system files that are accessible to the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and...
7.7 CVSS
7.6 AI Score
0.001 EPSS
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has provided a fix for the applicable CVE. These issues were disclosed as part of the IBM Java SDK and...
7.5 CVSS
5.9 AI Score
0.002 EPSS
Security Bulletin: IBM® MobileFirst Platform is vulnerable to CVE-2023-24998
Summary IBM Websphere® Liberty is the stack on top of which the MobileFirst runtime is hosted. The Liberty version (19.0.0.5) that is packaged with the MobileFirst Platform is impacted by the vulnerability described in CVE-2023-24998. Vulnerability Details CVEID: CVE-2023-24998 DESCRIPTION:...
7.5 CVSS
6.7 AI Score
0.034 EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and...
7.5 CVSS
6.2 AI Score
0.002 EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP...
5.3 CVSS
6.3 AI Score
0.001 EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. IBM Sterling Connect:Direct Web Services has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE...
7.5 CVSS
6.2 AI Score
0.002 EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. IBM Sterling Connect:Direct Web Services has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component...
5.3 CVSS
6.2 AI Score
0.001 EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2023-21830 DESCRIPTION: An unspecified vulnerability in Java SE related to the...
5.3 CVSS
6.3 AI Score
0.001 EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. IBM Sterling Connect:Direct Web Services has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2023-21830 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization...
5.3 CVSS
6.2 AI Score
0.001 EPSS
How Attack Surface Management Supports Continuous Threat Exposure Management
According to Forrester, External Attack Surface Management (EASM) emerged as a market category in 2021 and gained popularity in 2022. In a different report, Gartner concluded that vulnerability management vendors are expanding their offerings to include Attack Surface Management (ASM) for a suite.....
6.9 AI Score
Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to exposing sensitive information using a combination of flaws and configurations as described in the vulnerability details section. The vulnerability is fixed by applying an IBM i Group PTF...
7.5 CVSS
6.2 AI Score
0.002 EPSS
Understanding Ransomware Threat Actors: LockBit
SUMMARY In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023. Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food.....
10 CVSS
9.4 AI Score
0.976 EPSS
Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager (SKLM/GKLM). Information about multiple security vulnerabilities affecting IBM Db2 has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes...
7.5 CVSS
8.3 AI Score
0.003 EPSS
Summary IBM® SDK Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. IBM Tivoli Business Service Manager has addressed the applicable issue, CVE-2023-30441. Vulnerability Details CVEID: CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java...
7.5 CVSS
5.9 AI Score
0.002 EPSS
Summary IBM® SDK Java™ Technology Edition is shipped as a component of IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable issue, CVE-2023-30441. Vulnerability Details CVEID: CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus.....
7.5 CVSS
5.9 AI Score
0.002 EPSS
Summary IBM® Runtime Environment Java™ Technology Edition, Version 8 is shipped as a component of Tivoli Netcool/OMNIbus. Information about a security vulnerability affecting the IBM Java Runtime has been published in a security bulletin. Vulnerability Details CVEID: CVE-2023-30441 ...
7.5 CVSS
6.1 AI Score
0.002 EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in October 2022 and January 2023. These issues are addressed by WebSphere Application Server shipped...
6.5 CVSS
6.7 AI Score
0.002 EPSS
Summary There is a vulnerability in the IBM SDK, Java Technology Edition, used by WebSphere Service Registry and Repository. This issue is also addressed by IBM WebSphere Application Server shipped with WebSphere Service Registry and Repository. Vulnerability Details CVEID: CVE-2023-30441 ...
7.5 CVSS
5.9 AI Score
0.002 EPSS