SECURITY INTELLIGENCE
ADVISORY
26th OCT – 24th NOV 2020
Intent
This report is intended to help quantify the scope of that risk as organizations struggle to balance their cyber
security policies and protections against the needs of their employees for access to the Web and its resources.
Background
Every organization, whether large, medium or small, faces a huge risk and the recurring challenge of managing
vulnerabilities present in its operating systems. Vulnerabilities that are left unattended pose a very high risk
and can expose your organization to various threats and damage. Threats come from users within the system, from
competitors who want accurate details about your business model, and so on. Identifying vulnerabilities and
applying patches for them avoids these serious threats and curbs the resulting damage. There is also a method in
which specialists get into your system and run checks to determine how strong the system is. Performing
vulnerability assessments ensures that all normal system vulnerabilities are taken into consideration. When
assessments are conducted regularly, new threats are identified quickly.
What does the Vulnerability Advisory cover?
1. We monitor around 2000 applications, appliances and operating systems, and test and verify the
vulnerabilities reported in them.
2. We focus on each vulnerability disclosed in those 2000 products.
3. The systems and applications monitored by Sattrix Research Team are those in use in the environment
of the customers.
4. Where customers use products that aren't already being monitored by our team, these
products can be submitted to us and we will begin monitoring them the next business day. We only
monitor public or commercially available solutions.
5. The Vulnerability Database covers vulnerabilities that can be exploited in all types of products:
software, hardware, firmware, etc.
6. The vulnerabilities verified by our team are described in the client database as an Advisory and listed in the
Sattrix Vulnerability Reports, detailing what IT Security teams need to know to mitigate the risk posed
by the vulnerability in their environment.
7. The Vulnerability Database covers vulnerabilities that can be exploited in all types of products,
and we also cover zero days and EOS/EOL.
8. We create daily and weekly reports including all the details of each vulnerability and the total vulnerability
count for the last week, and provide them to the customer as well.
9. The Sattrix Advisory descriptions include severity, product under investigation, affected product, CVE
ID, Sattrix score, reference links and remediations.
10. Sattrix researchers monitor the vulnerabilities within 5 business working days.
www.sattrix.com Copyright 2020 Sattrix. All Rights Reserved
EXECUTIVE SUMMARY
➢ Overall Monthly Vulnerability Trend Chart
[Figure: Trend Chart For One Month. Series: With CVE, No CVE, EOS/EOL, each with a linear trend line. X-axis: dates from 26-Oct to 23-Nov. Y-axis: 0 to 100.]
➢ Released Vulnerabilities and severity wise count
• This graph presents threat levels based on the vulnerabilities identified.
Severity Count
Critical: 34 (2%)
High: 1076 (65%)
Medium: 500 (31%)
Low: 36 (2%)
➢ This graph presents the total released vulnerabilities, including Zero-day vulnerabilities and EOS/EOL,
with their counts.
Total Counts Table:
With CVE: 1646 (97%)
No CVE: 20 (1%)
EOS/EOL: 35 (2%)
➢ Date wise Released Vulnerabilities Count, fortnightly summarized
Datewise Count Table
Date    Total
26-Oct  74
27-Oct  88
28-Oct  84
29-Oct  92
30-Oct  94
02-Nov  65
03-Nov  85
04-Nov  80
05-Nov  80
06-Nov  84
09-Nov  81
10-Nov  85
11-Nov  93
12-Nov  85
13-Nov  67
17-Nov  87
18-Nov  64
19-Nov  89
20-Nov  68
23-Nov  49
24-Nov  73
➢ Product wise Released EOS/EOL count.
Productwise chart for EOL\EOS
Product     Count
RSA         1
PostgreSQL  1
CentOS      1
Node.js     1
CheckPoint  1
PaloAlto    1
IBM         2
Oracle      2
VMWare      3
TrendMicro  3
Adobe       3
Microsoft   7
McAfee      9
➢ Product wise Released Non-CVE ID or Zero Day vulnerabilities count.
Productwise chart for Non-CVE
Product      Count
Boxoft       1
CentOS       1
RedHat       1
Tenable      1
Apple        1
IDM          1
Polipo       1
GOMO         1
IBM          1
Trend Micro  1
Vtiger       2
ZTE          2
UiPath       3
SUSE         3
➢ Product wise Released vulnerabilities count.
[Figure: Productwise chart for CVE. Count axis: 0 to 500.]
Products, in chart order: Drupal, CheckPoint, Node.js, Tenable, Micro Focus, FortiNet, Apple, Lenovo, Citrix, Huawei, F5, McAfee, VMWare, Adobe, SAP, Foxit, TrendMicro, Google, HPE, Oracle, Mozilla, Cisco, Microsoft, IBM, Intel, Ubuntu, SUSE, RedHat
Count 1 1 1 2 2 3 5 5 6 8 9 14 15 17 22 22 29 37 45 48 48 50 65 10 16 20 24 47
➢ Top 10 Vulnerabilities product wise critical vulnerabilities
Critical CVE count
Product  Count
McAfee   1
Oracle   1
Mozilla  1
IBM      2
HPE      2
SUSE     3
VMWare   6
SAP      10
Top Vulnerabilities of the Week
Sr. #: 1
Date: 26-10-2020
CVE ID: CVE-2020-8178
Vendor: IBM
Product: IBM Cloud Pak for Multicloud Management-2.0
Summary: A security vulnerability in Node.js jison affects IBM Cloud Pak for Multicloud Management Managed Service.
Recommendation: Updates are available, please see the reference link: https://www.ibm.com/support/pages/node/6356103

Sr. #: 2
Date: 27-10-2020
CVE ID: CVE-2020-11984
Vendor: IBM
Product: IBM Rational Build Forge-8.0.0.16
Summary: There are multiple vulnerabilities in Apache HTTP Server affecting IBM Rational Build Forge
Recommendation: Updates are available, please see the reference link: https://www.ibm.com/support/pages/node/6351395

Sr. #: 3
Date: 29-10-2020
CVE ID: CVE-2020-7197
Vendor: HPE
Product: HPE 3PAR StoreServ Management and Core Software Media All versions prior to 3.7.1.1
Summary: HPE 3Par and Primera StoreServ Management Console (SSMC) is an off node multiarray manager web application and remains isolated from data on the managed arrays. SSMC is vulnerable to remote authentication bypass.
Recommendation: Updates are available, please see the reference link: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04045en_us

Sr. #: 4
Date: 29-10-2020
CVE ID: CVE-2020-6703
Vendor: McAfee
Product: Data Exchange Layer-5.x,4.x; Data Loss Prevention - Monitor 11.x, Prevent 11.x; McAfee Active Response-2.x; McAfee Agent-5.5.x; Threat Intelligence Exchange Server-2.3.x,2.2.x
Summary: Use After Free in remote logging (which is disabled by default) in McAfee Agent (MA) 5.x earlier than 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the remote logging service.
Recommendation: Updates are available, please see the reference link: https://kc.mcafee.com/corporate/index?page=content&id=SB10258&actp=null&viewlocale=en_US&showDraft=false&platinum_status=false&locale=en_US
Sr. #: 5
Date: 02-11-2020
CVE ID: CVE-2020-11900
Vendor: HPE
Product: HPE ProLiant m510 Server Cartridge - Prior to iLO 4 2.60 for Moonshot; HPE ProLiant m710x Server Blade - Prior to iLO 4 2.60 for Moonshot; HPE ProLiant m710x-L Server Blade - Prior to iLO 4 2.60 for Moonshot; HPE Moonshot Chassis Management Firmware - Prior to Moonshot iLO Chassis Manager 1.62
Summary: Multiple security vulnerabilities have been identified in Integrated Lights-Out 4 (iLO 4) firmware for Moonshot and Edgeline cartridges and blades, and Moonshot iLO Chassis Manager firmware. The vulnerabilities could be remotely exploited to execute code, cause denial of service, and expose sensitive information. HPE has released updated firmware to mitigate these vulnerabilities.
Recommendation: Updates are available, please see the reference link: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04021en_us

Sr. #: 6
Date: 02-11-2020
CVE ID: CVE-2020-14750
Vendor: Oracle
Product: Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
Summary: Oracle Security Alert Advisory - CVE-2020-14750
Recommendation: Updates are available, please see the reference link: https://www.oracle.com/security-alerts/alert-cve-2020-14750.html

Sr. #: 7
Date: 09-11-2020
CVE ID: CVE-2020-26950
Vendor: Mozilla
Product: Firefox -82.0.3, Firefox ESR -78.4.1, Thunderbird -78.4.2
Summary: Security Vulnerabilities fixed in Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2
Recommendation: Updates are available, please see the reference link: https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/

Sr. #: 8
Date: 12-11-2020
CVE ID: CVE-2020-16846, CVE-2020-17490, CVE-2020-25592
Vendor: SUSE
Product: SUSE Enterprise Storage 5
Summary: An update that fixes three vulnerabilities is now available.
Recommendation: Updates are available, please see the reference link: https://www.suse.com/support/update/announcement/2020/suse-su-20203171-1/
Disclaimer: The information in this document is subject to change without notice and should not be construed as a commitment by Sattrix Information Security Pvt. Ltd. Sattrix provides
no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no
responsibility for any errors that may appear in this document. In no event shall Sattrix or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages
of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if Sattrix or its suppliers have been advised of
the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from Sattrix, and the contents hereof must not be
imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners
© Copyright 2019 Sattrix. All rights reserved.
Limitation of Liability: IN NO EVENT SHALL SATTRIX, SATTRIX AFFILIATES, OR THEIR OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SUPPLIERS, LICENSORS AND THIRD PARTY PARTNERS,
BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, PUNITIVE, INCIDENTAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER, EVEN IF SATTRIX HAS BEEN
PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, WHETHER IN AN ACTION UNDER CONTRACT, TORT, OR ANY OTHER THEORY ARISING FROM YOUR ACCESS TO, OR USE
OF, THE MATERIALS. Because some jurisdictions do not allow limitations on how long an implied warranty lasts, or the exclusion or limitation of liability for consequential or incidental
damages, some of the above limitations may not apply to you
Sr. #: 9
Date: 13-11-2020
CVE ID: CVE-2020-26821, CVE-2020-26822, CVE-2020-26823, CVE-2020-26824, CVE-2020-6207, CVE-2019-0230, CVE-2019-0233, CVE-2020-26808, CVE-2020-26820, CVE-2020-6284
Vendor: SAP
Product: SAP Solution Manager (JAVA stack), Version - 7.2; SAP Solution Manager (User Experience Monitoring), Version - 7.2; SAP Data Services, Versions - 4.2; SAP AS ABAP(DMIS), Versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020; SAP NetWeaver AS JAVA, Versions - 7.20, 7.30, 7.31, 7.40, 7.50; SAP NetWeaver (Knowledge Management), Versions - 7.30, 7.31, 7.40, 7.50; SAP S4 HANA(DMIS), Versions - 101, 102, 103, 104, 105
Summary: SAP Security Patch Day – November 2020
Recommendation: Updates are available, please see the reference link: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571

Sr. #: 10
Date: 24-11-2020
CVE ID: CVE-2020-3981, CVE-2020-3982, CVE-2020-3992, CVE-2020-3993, CVE-2020-3994, CVE-2020-3995
Vendor: VMWare
Product: Multiple vulnerabilities in VMware ESXi, Workstation, Fusion and NSX-T were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
Summary: Multiple vulnerabilities in VMware ESXi, Workstation, Fusion and NSX-T were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
Recommendation: Updates are available, please see the reference link: https://www.vmware.com/security/advisories/VMSA-2020-0023.html
For more information contact us at [email protected]