Summary Sterling Connect:Direct Browser User Interface uses IBM® Runtime Environment Java™ Versions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE.....
5.9CVSS
6.9AI Score
0.001EPSS
Summary Sterling Connect:Direct Browser User Interface uses IBM® Runtime Environment Java™ Versions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM...
3.7CVSS
6.9AI Score
0.001EPSS
Tosibox Key Service 3.3.0 Local Privilege Escalation
Title: Tosibox Key Service 3.3.0 Local Privilege Escalation Advisory ID: ZSL-2024-5812 Type: Local Impact: Privilege Escalation Risk: (3/5) Release Date: 23.02.2024 Summary TOSIBOX® SoftKey is a software that enables a secure connection between your computer and one or more TOSIBOX® Nodes,...
7.9AI Score
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle October 2023...
5.9CVSS
9.4AI Score
0.001EPSS
Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their January 2024 Critical Patch Update, plus CVE-2023-33850. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack: Jazz Foundation, IBM Jazz Reporting Service, IBM...
7.5CVSS
6.5AI Score
0.001EPSS
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s)...
7.5CVSS
6.5AI Score
0.001EPSS
CVE-2023-37495 HCL Domino is susceptible to a weak cryptography vulnerability
Internet passwords stored in Person documents in the Domino® Directory created using the "Add Person" action on the People & Groups tab in the Domino® Administrator are secured using a cryptographically weak hash algorithm. This could enable attackers with access to the hashed value to determine...
5.9CVSS
5.8AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...
7.5CVSS
7.2AI Score
0.001EPSS
Metasploit Weekly Wrap-Up 02/16/2024
New Fetch Payload It has been almost a year since Metasploit released the new fetch payloads and since then, 43 of the 79 exploit modules have had support for fetch payloads. The original payloads supported transferring the second stage over HTTP, HTTPS and FTP. This week, Metasploit has expanded.....
7.3AI Score
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read...
9CVSS
9.2AI Score
0.0004EPSS
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read...
9CVSS
9AI Score
0.0004EPSS
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read...
9CVSS
7.2AI Score
0.0004EPSS
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read...
9CVSS
9.3AI Score
0.0004EPSS
Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager (SKLM/GKLM). Information about multiple security vulnerabilities affecting IBM Db2 has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes...
8.4CVSS
8.4AI Score
0.001EPSS
Rockwell Automation FactoryTalk Service Platform
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Service Platform Vulnerability: Incorrect Execution-Assigned Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow malicious users with...
9CVSS
9.3AI Score
0.0004EPSS
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID:...
9.8CVSS
10AI Score
0.116EPSS
Summary CVE-2023-22081 and CVE-2023-22067 were disclosed in the Oracle October 2023 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no confidentiality...
5.3CVSS
5.8AI Score
0.001EPSS
Summary CVE-2023-22049 was disclosed in the Oracle July 2023 Quarterly CPU Update. Vulnerability Details ** CVEID: CVE-2023-22049 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow a remote attacker to cause low integrity impacts. CVSS Base...
3.7CVSS
4.4AI Score
0.001EPSS
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no...
5.9CVSS
5.8AI Score
0.001EPSS
Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities Vulnerability Details ** CVEID:...
9.8CVSS
10AI Score
EPSS
Summary There is a vulnerability in IBM® Java™ version 8 and 11 used by IBM CPLEX Optimization Studio. This issue was disclosed as part of the Oracle / OpenJDK October 2023 Critical Patch Updates. Vulnerability Details ** CVEID: CVE-2023-5676 DESCRIPTION: **Eclipse OpenJ9 is vulnerable to a...
5.9CVSS
5.4AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in IBM® Semeru Runtime Versions 8 and 11 used by IBM ILOG CPLEX Optimization Studio. These issues were disclosed as part of the Oracle / OpenJDK July 2023 Critical Patch Updates. Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION: **An...
3.7CVSS
5AI Score
0.001EPSS
Summary Multiple Vulnerabilities were disclosed as part of the Oracle July 2023 Critical Patch Update. Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality...
3.7CVSS
4.9AI Score
0.001EPSS
Microsoft is addressing 73 vulnerabilities this February 2024 Patch Tuesday, including two (actually, three!) zero-day/exploited-in-the-wild vulnerabilities, both of which are already included on the CISA KEV list. Today also brings patches for two critical remote code execution (RCE)...
9.8CVSS
10AI Score
0.074EPSS
Ivanti Vulnerability Exploited to Install 'DSLog' Backdoor on 670+ IT Infrastructures
Threat actors are leveraging a recently disclosed security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy a backdoor codenamed DSLog on susceptible devices. That's according to findings from Orange Cyberdefense, which said it observed the exploitation of...
9.1CVSS
7.4AI Score
0.969EPSS
Intel® QSFP+ Configuration Utility Software Advisory
Summary: A potential security vulnerability in some Intel® QSFP+ Configuration Utility software may allow escalation of privilege. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® QSFP+ Configuration Utility...
7.1AI Score
0.0004EPSS
Intel Thunderbolt Controller February 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Thunderbolt™ Controllers, which might allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...
6.1CVSS
7.2AI Score
0.0004EPSS
Intel® SGX DCAP Software Advisory
Summary: A potential security vulnerability in some Intel® Software Guard Extensions (SGX) Data Center Attestation Primitives (DCAP) software may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID:...
6.4AI Score
0.0004EPSS
Intel® SDK for OpenCL™ Applications Software Advisory
Summary: A potential security vulnerability in some Intel® SDK for OpenCL™ Applications software may allow escalation of privilege. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® SDK for OpenCL™ Applications...
7.1AI Score
0.0004EPSS
Summary: A potential security vulnerability in some Intel® One Boot Flash Update (OFU) software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-25945 Description: Protection mechanism failure...
7.2AI Score
0.0004EPSS
Intel® PROSet/Wireless and Killer™ Wi-Fi Software February 2024 Security Update
Intel has informed HP of potential security vulnerabilities in some Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software, which might allow escalation of privilege, information disclosure or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. ...
7.1CVSS
7.7AI Score
0.0004EPSS
Summary: Potential security vulnerabilities in some Intel® Virtual RAID on CPU (VROC) software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-31271 Description: Improper access control in...
7.4AI Score
0.0004EPSS
Intel® Optimization for TensorFlow Advisory
Summary: A potential security vulnerability in Intel® Optimization for TensorFlow may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-30767 Description: Improper buffer restrictions in Intel®...
7.3AI Score
0.0004EPSS
Summary: A potential security vulnerability in some Intel® Computing Improvement Program (CIP) software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-35769 Description: Uncontrolled search...
7.2AI Score
0.0004EPSS
Intel® QAT Software Drivers Advisory
Summary: A potential security vulnerability in some Intel® QuickAssist Technology (QAT) software drivers for Windows may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-41252 Description: Out-of-bounds...
6.8AI Score
0.0004EPSS
Intel Extreme Tuning Utility (XTU) February 2024 Security Update
Intel has informed HP of potential security vulnerabilities in some Intel® Extreme Tuning Utility (XTU) software, which might allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the potential...
6.8CVSS
7.7AI Score
0.0004EPSS
Intel Thunderbolt DCH Drivers for Windows February 2024 Security Updates
Intel has informed HP of potential security vulnerabilities in some Intel® Thunderbolt™ Declarative Componentized Hardware (DCH) drivers for Windows, which might allow escalation of privilege, denial of service, and/or information disclosure. Intel is releasing software updates to mitigate these...
8.2CVSS
7.7AI Score
0.0004EPSS
Intel Unite Software February 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Unite® software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerabilities. HP has...
6.6CVSS
7.5AI Score
0.0004EPSS
Summary: A potential security vulnerability in some Intel® Server Platform Services (SPS) firmware may allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-29153 Description: Uncontrolled resource consumption.....
7AI Score
0.0004EPSS
Summary: A potential security vulnerability in some Assistive Context-Aware Toolkit (ACAT) software maintained by Intel® may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-41231 Description:...
7.2AI Score
0.0004EPSS
Intel® SUR for Gameplay Software Advisory
Summary: Potential security vulnerabilities in the Intel® System Usage Report (SUR) for Gameplay Software may allow escalation of privilege. Intel is not releasing updates to mitigate these potential vulnerabilities and has issued a Product Discontinuation Notice for Intel® System Usage Report for....
7.5AI Score
0.0004EPSS
Intel® Binary Configuration Tool Software Advisory
Summary: A potential security vulnerability in some Intel® Binary Configuration Tool software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-24591 Description: Uncontrolled search path in some.....
7.2AI Score
0.0004EPSS
Summary: A potential security vulnerability in some Intel® Performance Counter Monitor (PCM) software may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-34351 Description: Buffer underflow in some...
7.2AI Score
0.0004EPSS
Summary: Potential security vulnerabilities in some Intel® Memory and Storage Tool (MAS) software may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-36490 Description:...
7.5AI Score
0.0004EPSS
Intel® Optane™ PMem Management Software Advisory
Summary: Potential security vulnerabilities in some Intel® Optane™ Persistent Memory (PMem) management software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-22311 Description: Improper...
7.3AI Score
0.0004EPSS
Intel® PROSet/Wireless and Intel® KillerTM Wi-Fi Software Advisory
Summary: Potential security vulnerabilities in some Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software may allow escalation of privilege, information disclosure or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details:...
7.3AI Score
0.0004EPSS
Intel® Battery Life Diagnostic Tool Software Advisory
Summary: A potential security vulnerability in some Intel® Battery Life Diagnostic Tool software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-35060 Description: Uncontrolled search path in...
7.2AI Score
0.0004EPSS
Intel® oneAPI Software Installers Advisory
Summary: Potential security vulnerabilities in some Intel® oneAPI Toolkit and component software installers may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-32618 Description: Uncontrolled...
7.6AI Score
0.0004EPSS
Intel Virtual RAID on CPU (VROC) February 2024 Security Update
Intel has informed HP of potential security vulnerabilities in some Intel® Virtual RAID on CPU (VROC) software, which might allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the potential...
6.7CVSS
7.7AI Score
0.0004EPSS
Intel® ThunderboltTM DCH Drivers for Windows Advisory
Summary: Potential security vulnerabilities in some Intel® Thunderbolt™ Declarative Componentized Hardware (DCH) drivers for Windows may allow escalation of privilege, denial of service, and/or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities.....
8AI Score
0.0004EPSS