Apache | Cisco | Microsoft | SAP | OPENSSL | Adobe

Advisory ID: 
JMCIRT-SA-2020.183
Advisory Date: 
Friday, December 11, 2020
Advisory Description: 

Apache Releases Security Advisory for Apache Tomcat
Original release date: December 4, 2020

The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition.

The Jamaica Cyber Incident Response Team (JaCIRT) advises users and administrators to peruse the Apache Security Advisory and apply the necessary updates.


Cisco Releases Security Advisory for Vulnerability in AnyConnect Software
Original release date: December 7, 2020 | Last Revised: December 8, 2020

Cisco has released security updates to address vulnerabilities in AnyConnect Secure Mobility Client Software and Security Manager. An attacker could exploit these vulnerabilities to take control of an affected system.

The Jamaica Cyber Incident Response Team (JaCIRT) advises users and administrators to peruse the following Cisco Security Advisories and apply the necessary updates:


Microsoft Releases December 2020 Security Updates
Original release date: December 8, 2020

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Jamaica Cyber Incident Response Team (JaCIRT) advises users and administrators to peruse the Microsoft December 2020 Security Update Summary and Deployment Info page and apply the necessary updates.


SAP Releases December 2020 Security Updates
Original release date: December 8, 2020

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. These include a missing authentication check vulnerability affecting SAP NetWeaver AS JAVA (P2P Cluster Communication).

The Jamaica Cyber Incident Response Team (JaCIRT) advises users and administrators to peruse the SAP Security Notes and apply the necessary updates.


OpenSSL Releases Security Updates
Original release date: December 8, 2020

OpenSSL has released a security update to address a vulnerability affecting all versions of 1.0.2 and 1.1.1 released before version 1.1.1i. An attacker could exploit this vulnerability to cause a denial-of-service condition.

The Jamaica Cyber Incident Response Team (JaCIRT) advises users and administrators to peruse the OpenSSL Security Advisory and apply the necessary updates.


Apache Releases Security Updates for Apache Struts 2
Original release date: December 8, 2020

The Apache Software Foundation has released a security update to address a vulnerability in Apache Struts versions 2.0.0 to 2.5.25. A remote attacker could exploit this vulnerability to take control of an affected system.

The Jamaica Cyber Incident Response Team (JaCIRT) advises users and administrators to peruse the Apache Security Bulletin and security advisory for CVE-2020-17530 and apply the necessary updates.


Adobe Releases Security Updates for Acrobat & Reader
Original release date: December 10, 2020

Adobe has released security updates to address a vulnerability in Acrobat and Reader. An attacker could exploit this vulnerability to obtain sensitive information.

The Jamaica Cyber Incident Response Team (JaCIRT) advises users and administrators to peruse the Adobe Security Bulletin and apply the necessary updates.



References

    http://mail-archives.us.apache.org/mod_mbox/www-announce/202012.mbox/%3C...
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
    https://support.microsoft.com/en-us/help/20201208/security-update-deploy...
    https://msrc.microsoft.com/update-guide/releaseNote/2020-Dec
    https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079
    https://www.openssl.org/news/secadv/20201208.txt
    http://mail-archives.us.apache.org/mod_mbox/www-announce/202012.mbox/%3C...
    https://cwiki.apache.org/confluence/display/WW/S2-061
    https://helpx.adobe.com/security/products/acrobat/apsb20-75.html