VMware | Fortinet | Drupal

Advisory ID: 
JMCIRT-SA-2020.171
Advisory Date: 
Monday, November 30, 2020
Advisory Description: 

VMware Releases Workarounds for CVE-2020-4006
Original release date: November 23, 2020

VMware has released workarounds to address a vulnerability CVE-2020-4006 in VMware Workspace One Access, Access Connector, Identity Manager and Identity Manager Connector. An attacker could exploit this vulnerability to take control of an affected system.

The Jamaica Cyber Incident Response Team (JaCIRT) advises users and administrators to peruse the VMware Security Advisory and apply the necessary updates.


Fortinet FortiOS System Leak
Original release date: November 27, 2020

Fortinet has released security updates to address a vulnerability, CVE-2018-13379 on Fortinet devices. A path traversal vulnerability in the FortiOS SSL VPN web portal may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.

The Jamaica Cyber Incident Response Team (JaCIRT) advises users and administrators to peruse the Fortinet Security Advisory and apply the necessary updates.


Drupal Releases Security Updates
Original release date: November 27, 2020

Drupal has released security updates to address vulnerabilities in Drupal 7, 8.8 and earlier, 8.9, and 9.0. An attacker could exploit this vulnerability to take control of an affected system.

The Jamaica Cyber Incident Response Team (JaCIRT) advises users and administrators to peruse the Drupal Advisory and apply the necessary updates.

References
1. https://www.us-cert.gov
2. https://www.vmware.com/security/advisories/VMSA-2020-0027.html 
3. https://www.fortiguard.com/psirt/FG-IR-18-384
4. https://www.drupal.org/sa-core-2020-013