SECURITY INTELLIGENCE ADVISORY - Sattrix


SECURITY INTELLIGENCE ADVISORY
25th Nov 2020 - 24th Dec 2020
www.sattrix.com

INTENT

This report is intended to help quantify the scope of that risk as organizations struggle to balance their cybersecurity policies and protections against the needs of their employees for access to the Web and its resources.

BACKGROUND

Every organization, large, medium or small, faces a significant risk and a familiar challenge in managing the vulnerabilities present in its operating systems. Vulnerabilities that are left unattended pose a very high risk and can expose your organization to various threats and damage. Threats come from users within the system and from competitors who want accurate details about your business model, among others. There is an established way to identify vulnerabilities and apply patches for them, to avoid these serious threats and curb the resulting damage. There is also a method in which specialists get into your system and run checks to determine how strong the system is. Performing vulnerability assessments ensures that all normal system vulnerabilities are taken into consideration. When assessments are conducted regularly, new threats are identified quickly.

WHAT DOES THE VULNERABILITY ADVISORY COVER?

We monitor around 2000 applications, appliances and operating systems, and test and verify the vulnerabilities reported in them.

We focus on each vulnerability disclosed in those 2000 products.

The systems and applications monitored by the Sattrix Research Team are those in use in the customers' environments.

If a customer uses products that are not already being monitored by our team, those products can be submitted to us and we will begin monitoring them the next business day. We only monitor public or commercially available solutions.

The Vulnerability Database covers vulnerabilities that can be exploited in all types of products: software, hardware, firmware, etc.

The vulnerabilities verified by our team are described in the client database as an Advisory and listed in the Sattrix Vulnerability Reports, detailing what IT security teams need to know to mitigate the risk posed by the vulnerability in their environment.

The Vulnerability Database covers vulnerabilities that can be exploited in all types of products; we also cover zero-days and EOS/EOL.

We create daily and weekly reports that include all the details of each vulnerability and the total vulnerability count for the last week, and provide them to the customer as well.

The Sattrix Advisory descriptions include severity, under-investigation product, affected product, CVE ID, Sattrix score, reference links and remediations.

Sattrix researchers monitor the vulnerabilities within 5 business working days.

COPYRIGHT 2021 Sattrix. ALL RIGHTS RESERVED

EXECUTIVE SUMMARY

[Chart: Overall Monthly Vulnerability Trend Chart. Series: With CVE, No CVE, EOS/EOL, Linear (With CVE), Linear (No CVE), Linear. Axis labels: 9 Dec, 22 Dec.]

Released Vulnerabilities and severity wise count

This graph presents threat levels based on the vulnerabilities identified.

[Pie chart. Legend: Critical, Low, High, Medium. Data labels: 490, 31%; 1007, 63%; 45, 3%; 57, 3%.]

This graph presents the total released vulnerabilities, including zero-day vulnerabilities and EOS/EOL, with their counts.

[Pie chart. Legend: With CVE, No CVE, EOS/EOL. Data labels: 800, 94%; 13, 2%; 35, 4%.]

Product wise Released EOS/EOL count

[Bar chart. Products: IBM, Palo Alto, CheckPoint, Node.js, CentOS, PostgreSQL, RSA.]

Product wise Released Non-CVE ID or Zero Day vulnerabilities count

[Bar chart. Products: SUSE, UiPatah, Juniper, Xeron, CheckPoint, CentOS.]

Critical CVE Count

[Bar chart. Labels: Microsoft, Dell, Adobe, HPE, Cisco, Juniper.]

Date wise Released Vulnerabilities Count, fortnightly summarized

[Chart. Ranges: -50, 50-60, 60-70.]

Product wise chart for CVE

[Bar chart. Products: he Airflow, Dell, FortiNet, MicroFocus.]

Product wise chart for CVE - Part-2

[Bar chart. Legend: 0-100, 201-300, 101-200, 301-450. Products: Palo, Juniper, RedHat, SUSE.]

TOP VULNERABILITIES OF THE WEEK

Date: 12 / 1
Vendor: Juniper
Product: Contrail Networking
Summary: Contrail Networking: Multiple vulnerabilities have been resolved in Release 1910.
Recommendation: Updates are available; please see the reference link below.
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10967&cat=SIRT_1&actp=LIST

Date: 12 / 2 /2020
CVE ID: CVE-2019-10173
Vendor: Juniper
Product: Juniper Secure Analytics (JSA) 7.3.2, 7.3.3.
Summary: Multiple vulnerabilities have been resolved in the Juniper Secure Analytics (JSA) 7.3.2 Patch 5, and 7.3.3 Patch 1 FixPack 1 by fixing vulnerabilities in the Linux kernel in addition to other software.
Recommendation: Updates are available; please see the reference link below.
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11007&cat=SIRT_1&actp=LIST

Date: 12 / 3 /2020
CVE ID: CVE-2020-7199
Vendor: HPE
Product: HPE Edgeline Infrastructure Management Software Prior to 1.21
Summary: A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication, leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration.
Recommendation: Updates are available; please see the reference link below.
y?docLocale en US&docId hpesbgn04063enus

Date: 12 / 4 /2020
CVE ID: CVE-2018-18311, CVE-2018-18312
Vendor: HPE
Product: HP-UX Perl Software E.5.28.0.A
Summary: Multiple security vulnerabilities have been identified in HPUX Perl E.5.28.0.A. These vulnerabilities may cause buffer overflows through the use of crafted regular expressions, invalid write operations, malformed bytecode intrusion injections, or a heap-based buffer overflow.
Recommendation: Updates are available; please see the reference link below.
y?docLocale en US&docId hpesbux04065en us

Date: 12 / 8/2020
CVE ID: CVE-2020-24440
Vendor: Adobe
Product: Adobe Prelude 9.0.1 and earlier versions
Summary: Adobe has released updates for Adobe Prelude for Windows and macOS.
Recommendation: Updates are available; please see the reference link below.
ude/apsb2070.html

Date: 12 / 8/2020
CVE ID: CVE-2020-24445
Vendor: Adobe
Product: AEM CS, AEM 6.5.6.0 and earlier, AEM 6.4.8.2 and earlier, AEM 6.3.3.8 and earlier
Summary: Adobe has released updates for Adobe Experience Manager (AEM) and the AEM Forms add-on package.
Recommendation: Updates are available; please see the reference link below.
riencemanager/apsb20-72.html

Date: 12 / 10
CVE ID: -2020-27133, CVE-2020-27134
Vendor: Cisco
Product: Cisco Jabber for Windows - 12.9
Summary: Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information.
Recommendation: Updates are available; please see the reference link below.
t/CiscoSecurityAdvisory/cisco-sa-jabberZktzjpgO

Date: 12 / 11 /2020
CVE ID: CVE-2020-24447
Vendor: Adobe
Product: Lightroom Classic - 10.0 & earlier versions
Summary: Adobe has released updates for Adobe Lightroom Classic for Windows and macOS.
Recommendation: Updates are available; please see the reference link below.
troom/apsb2074.html

Date: 12 / 14
CVE ID: 121
Vendor: Microsoft
Product: Microsoft SharePoint Foundation 2013 Service Pack 1, Microsoft SharePoint Foundation 2010 Service Pack 2, Microsoft SharePoint Server 2019, Microsoft SharePoint Enterprise Server 2016
Summary: Microsoft SharePoint Remote Code Execution Vulnerability
Recommendation: Updates are available; please see the reference link below.
ability/CVE2020-17118

Date: 12 / 22 /2020
CVE ID: CVE-2020-29492, CVE-2020-29491
Vendor: Dell
Product: Dell Wyse 3040 Thin Client (ENG), Dell Wyse 3040 Thin Client (ENG), Dell Wyse 3040 Thin Client (JPN), Dell Wyse 3040 Thin Client (JPN), Dell Wyse 3040 Thin Client with PCoIP (ENG), Dell Wyse 3040 Thin Client with PCoIP (ENG), Dell Wyse 3040 Thin Client with PCoIP (JPN), Dell Wyse 3040 Thin Client with PCoIP (JPN), Dell Wyse 5010 Thin Client (ENG), Dell Wyse 5010 Thin Client (ENG), Dell Wyse 5010 Thin Client (JPN), Dell Wyse 5010 Thin Client (JPN), Dell Wyse 5010 Thin Client with PCoIP (ENG), Dell Wyse 5010 Thin Client with PCoIP (JPN), Dell Wyse 5040 Thin Client (ENG), Dell Wyse 5040 Thin Client (ENG), Dell Wyse 5040 Thin Client (JPN)
Summary: Dell Wyse ThinOS 8.6 Security Update for Insecure Default Configuration Vulnerabilities
Recommendation: Refer to Dell DSA Identifier: DSA-2020-281 for patch, upgrade or suggested workaround information. See
bdoc/en-in/000180768/dsa-2020-281

Disclaimer: The information in this document is subject to change without notice and should not be construed as a commitment by Sattrix Information Security (P) Ltd. Sattrix provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall Sattrix or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if Sattrix or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from Sattrix, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners. Copyright 2019 Sattrix. All rights reserved.

Limitation of Liability: IN NO EVENT SHALL Sattrix, Sattrix AFFILIATES, OR THEIR OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SUPPLIERS, LICENSORS AND THIRD PARTY PARTNERS, BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, PUNITIVE, INCIDENTAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER, EVEN IF Sattrix HAS BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, WHETHER IN AN ACTION UNDER CONTRACT, TORT, OR ANY OTHER THEORY ARISING FROM YOUR ACCESS TO, OR USE OF, THE MATERIALS. Because some jurisdictions do not allow limitations on how long an implied warranty lasts, or the exclusion or limitation of liability for consequential or incidental damages, some of the above limitations may not apply to

Global Presence
USA / Sattrix Information Security Inc
UK/EU / Sattrix Information Security Ltd
MEA / Sattrix Information Security DMCC
India / Sattrix Information Security (P) Ltd
91-796-819-6800
info@sattrix.com
HQ: 28, Damubhai Colony, Bhattha Paldi, Ahmedabad - 007
SOC Center: 516, 517 Shivalik Shilp, Iscon Cross Road, S G Highway, Ahmedabad
www.sattrix.com
