Intel, SAP, and Citrix release critical security updates
August 2020 Patch Tuesday was expectedly observed by Microsoft and Adobe, but many other software firms decided to push out security updates as well.
Apple released iCloud for Windows updates and Google pushed out fixes to Chrome. They were followed by Intel, SAP and Citrix.
It’s not unusual for Intel to take advantage of a Patch Tuesday. This time they released 18 advisories.
Among the fixed flaws are:
- DoS, Information Disclosure and EoP flaws affecting Intel Wireless Bluetooth products on Windows, Chrome OS and Linux OS
- EoP flaws in the BIOS firmware for several Intel Server Board Families
- EoP flaws affecting the BIOS of a wide variety of (small-form-factor barebone computer kits)
- A critical and many high- and medium-risk bugs in some Intel Server Boards, Server Systems and Compute Modules
The German software corporation known for its enterprise software marked its Security Patch Day with the release of 15 security notes and an update to a previously released one (for the maximum severity RECON vulnerability – CVE-2020-6287 – in SAP NetWeaver AS JAVA).
Patches have been provided for flaws in a variety of offerings, including SAP ERP, SAP Business Objects Business Intelligence Platform, SAP S/4 HANA and various SAP NetWeaver components.
The most critical among the vulnerabilities fixed is CVE-2020-6284, a XSS vulnerability in the Knowledge Management component of NetWeaver AS.
Citrix has released patches for a set of vulnerabilities in certain on-premises instances of Citrix Endpoint Management (aka XenMobile Server).
They are critical for customers running XenMobile Server 10.12 before RP2, XenMobile Server 10.11 before RP4, XenMobile Server 10.10 before RP6, and XenMobile Server before 10.9 RP5.
“We recommend these upgrades be made immediately. While there are no known exploits as of this writing, we do anticipate malicious actors will move quickly to exploit,” Citrix CISO Fermin Serna warned.