Security Updates: SAP | Microsoft | Apache | Adobe | Juniper

Advisory ID: 
JMCIRT-SA-2020.144
Advisory Date: 
Tuesday, October 20, 2020
Advisory Description: 

 

SAP Releases October 2020 Security Updates
Original release date: October 13, 2020

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. This includes an OS command injection vulnerability (CVE-2020-6364) affecting SAP Solution Manager and SAP Focused Run.

The Jamaica Cyber Incident Response Team (JaCIRT) advises users and administrators to peruse the SAP Security Advisory and apply the necessary updates.


Microsoft Releases October 2020 Security Updates
Original release date: October 13, 2020

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Jamaica Cyber Incident Response Team (JaCIRT) advises users and administrators to peruse the Microsoft October 2020 Security Update Summary and Deployment Info and apply the necessary updates.


Microsoft Addresses Windows TCP/IP RCE/DoS Vulnerability
Original release date: October 14, 2020

Microsoft has released a security update to address a protocol vulnerability—CVE-2020-16898—in Windows Transmission Control Protocol (TCP)/IP stack handling of Internet Control Message Protocol version 6 (ICMPv6) Router Advertisement packets. A remote attacker could exploit this vulnerability to take control of an affected system or cause a denial-of-service condition.

The Jamaica Cyber Incident Response Team (JaCIRT) advises users and administrators to peruse the Microsoft Security Advisory and apply the necessary updates.


Apache Releases Security Updates for Apache Tomcat
Original release date: October 14, 2020

The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information.

The Jamaica Cyber Incident Response Team (JaCIRT) advises users and administrators to peruse the Apache Security Advisory and apply the necessary updates.

 

Adobe Releases Security Updates for Flash Player
Original release date: October 14, 2020

Adobe has released security updates to address a vulnerability affecting Flash Player. An attacker could exploit this vulnerability to take control of an affected system.

The Jamaica Cyber Incident Response Team (JaCIRT) advises users and administrators to peruse the Adobe Security Bulletin and apply the necessary updates.


Juniper Networks Releases Security Updates for Multiple Products
Original release date: October 15, 2020

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Jamaica Cyber Incident Response Team (JaCIRT) advises users and administrators to peruse the Juniper Security Advisory and apply the necessary updates.

 

References
1. https://www.us-cert.gov
2. https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
3. https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedet...
4. https://support.microsoft.com/en-us/help/20201013/security-update-deploy...
5. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2...
6. http://mail-archives.us.apache.org/mod_mbox/www-announce/202010.mbox/%3C...
7. https://helpx.adobe.com/security/products/flash-player/apsb20-58.html
8. https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_AD...