Oracle E-Business Suite Web Interface 1010730* - Oracle E-Business Suite 'ozfVendorLov' SQL Injection Information Disclosure Vulnerability (CVE-2020-14876)
Web Client Common 1010877 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB21-09) - 4
Web Client HTTPS 1010132* - Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) - 1
Web Server Common 1010867 - Apache ActiveMQ Web Console Reflected Cross-Site Scripting Vulnerability (CVE-2020-13947)
Web Server HTTPS 1010868* - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-27065) 1010870* - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-27065) - 1 1010850* - VMware vCenter Server Remote Code Execution Vulnerability (CVE-2021-21972 and CVE-2021-21973) 1010875 - rConfig 'vendor.crud.php' Arbitrary File Upload Vulnerability (CVE-2020-12255)
Windows SMB Server 1010884 - Microsoft Windows RPC Remote Code Execution Vulnerability (CVE-2017-8461)
Integrity Monitoring Rules:
1010855* - Microsoft Exchange - HAFNIUM Targeted Vulnerabilities
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Our two-year research provides insights into the life cycle of exploits, the types of exploit buyers and sellers, and the business models that are reshaping the underground exploit market.
Malicious attacks have consistently been launched on weak points in the supply chain. Like all attacks, these will evolve into more advanced forms. Software development, with multiple phases that could be placed at risk, is particularly vulnerable.