- SAP Releases June 2022 Security Updates
- Cisco Releases Security Updates for Multiple Products
- Adobe Releases Security Updates for Multiple Products
- Drupal Releases Security Updates
_______________________________
SAP Releases June 2022 Security Updates
Situation:
SAP has released security updates for June 2022.
Problem:
Current versions of SAP software contain vulnerabilities affecting multiple products.
Implication:
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need:
We encourage users and administrators to review “SAP Security Patch Day – June 2022” and apply the necessary updates.
Additional Resources:
SAP Security Patch Day – June 2022:
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
Link to CISA Bulletin:
https://www.cisa.gov/uscert/ncas/current-activity/2022/06/14/sap-releases-june-2022-security-updates
________________________________
Cisco Releases Security Updates for Multiple Products
Situation:
Cisco has released security updates.
Problem:
Multiple Cisco products contain vulnerabilities.
Implication:
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need:
We encourage users and administrators to review the following Cisco advisories and apply the necessary updates:
- Cisco Email Security Appliance and Cisco Secure Email and Web Manager External Authentication Bypass Vulnerability cisco-sa-sma-esa-auth-bypass-66kEcxQD
- Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability cisco-sa-sb-rv-overflow-s2r82P9v
- Cisco Email Security Appliance and Cisco Secure Email and Web Manager Information Disclosure Vulnerability cisco-sa-esasma-info-dsc-Q9tLuOvM
Additional Resources:
Link to CISA Bulletin:
https://www.cisa.gov/uscert/ncas/current-activity/2022/06/16/cisco-releases-security-updates-multiple-products
For updates addressing lower severity vulnerabilities:
https://tools.cisco.com/security/center/publicationListing.x
________________________________
Adobe Releases Security Updates for Multiple Products
Situation:
Adobe has released security updates to address vulnerabilities in multiple products.
Problem:
The vulnerabilities that have been patched include arbitrary code execution, privilege escalation, use-after-free,out-of-bounds read and write, and more.
Implication:
If attacker successfully exploits some of these vulnerabilities it could allow them to take control of an affected device
Need:
CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.
Additional Resources:
Animate – APSB22-24
Bridge – APSB22-25
Illustrator – APSB22-26
InCopy: – APSB22-29
InDesign – APSB22-30
RoboHelp Server – APSB22-31
________________________________
Drupal Releases Security Updates
Situation:
Drupal has released security updates to address a Guzzle third-party library vulnerability that does not affect Drupal core but may affect some contributed projects or custom code on Drupal sites
Problem:
Vulnerabilities were found in third party libraries for Drupal.
Implication:
Exploitation of this vulnerability could allow a remote attacker to take control of an affected website.
Need:
Install the latest update for Drupal
Additional Resources:
Drupal Advisory:
https://www.drupal.org/sa-core-2022-011