Apache | Cisco | Microsoft | SAP | OPENSSL | Adobe
Apache Releases Security Advisory for Apache Tomcat
Original release date: December 4, 2020
The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition.
The Jamaica Cyber Incident Response Team (JaCIRT) advises users and administrators to peruse the Apache Security Advisory and apply the necessary updates.
Cisco Releases Security Advisory for Vulnerability in AnyConnect Software
Original release date: December 7, 2020 | Last Revised: December 8, 2020
Cisco has released security updates to address vulnerabilities in AnyConnect Secure Mobility Client Software and Security Manager. An attacker could exploit these vulnerabilities to take control of an affected system.
The Jamaica Cyber Incident Response Team (JaCIRT) advises users and administrators to peruse the following Cisco Security Advisories and apply the necessary updates:
- AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability
- Security Manager Java Deserialization Vulnerabilities
Microsoft Releases December 2020 Security Updates
Original release date: December 8, 2020
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
The Jamaica Cyber Incident Response Team (JaCIRT) advises users and administrators to peruse the Microsoft December 2020 Security Update Summary and Deployment Info page and apply the necessary updates.
SAP Releases December 2020 Security Updates
Original release date: December 8, 2020
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. These include a missing authentication check vulnerability affecting SAP NetWeaver AS JAVA (P2P Cluster Communication).
The Jamaica Cyber Incident Response Team (JaCIRT) advises users and administrators to peruse the SAP Security Notes and apply the necessary updates.
OpenSSL Releases Security Updates
Original release date: December 8, 2020
OpenSSL has released a security update to address a vulnerability affecting all versions of 1.0.2 and 1.1.1 released before version 1.1.1i. An attacker could exploit this vulnerability to cause a denial-of-service condition.
The Jamaica Cyber Incident Response Team (JaCIRT) advises users and administrators to peruse the OpenSSL Security Advisory and apply the necessary updates.
Apache Releases Security Updates for Apache Struts 2
Original release date: December 8, 2020
The Apache Software Foundation has released a security update to address a vulnerability in Apache Struts versions 2.0.0 to 2.5.25. A remote attacker could exploit this vulnerability to take control of an affected system.
The Jamaica Cyber Incident Response Team (JaCIRT) advises users and administrators to peruse the Apache Security Bulletin and security advisory for CVE-2020-17530 and apply the necessary updates.
Adobe Releases Security Updates for Acrobat & Reader
Original release date: December 10, 2020
Adobe has released security updates to address a vulnerability in Acrobat and Reader. An attacker could exploit this vulnerability to obtain sensitive information.
The Jamaica Cyber Incident Response Team (JaCIRT) advises users and administrators to peruse the Adobe Security Bulletin and apply the necessary updates.
References
http://mail-archives.us.apache.org/mod_mbox/www-announce/202012.mbox/%3C...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://support.microsoft.com/en-us/help/20201208/security-update-deploy...
https://msrc.microsoft.com/update-guide/releaseNote/2020-Dec
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079
https://www.openssl.org/news/secadv/20201208.txt
http://mail-archives.us.apache.org/mod_mbox/www-announce/202012.mbox/%3C...
https://cwiki.apache.org/confluence/display/WW/S2-061
https://helpx.adobe.com/security/products/acrobat/apsb20-75.html