[Pansophy] MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17) - PATCH: NOW - TLP: WHITE
Valerie Bookwalter
bookwalt at jlab.org
Tue Apr 14 13:36:28 EDT 2020
Kari / Bobby,
The Pansophy Team has been working on getting our software updated. We are close to being ready to convert. We should be ready by Friday.
So, what steps do I need to take to prepare for the server conversion?
We are working on pansophydev-2018.jlab.org CF2018.
We are utilizing github so we will have to clone the new repository.
I would like to upgrade our development server first to make sure we understand all the steps that need to be taken (pansophydev.jlab.org). Test and then upgrade the production server (pansophy.jlab.org).
We had to create a new virtual server for this version of CF. There were several people involved to put all the pieces in place.
Will you let me know how I should proceed to request this upgrade and an estimate of time-frame to complete so that I can inform my supervisors and we can prepare our users for the upgrade?
Thank You.
Valerie (Pansophy Team)
________________________________
From: Kari Heffner <heffner at jlab.org>
Sent: Tuesday, March 24, 2020 5:38 PM
To: Valerie Bookwalter <bookwalt at jlab.org>
Cc: Bobby Lawrence <robertl at jlab.org>
Subject: FW: MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17) - PATCH: NOW - TLP: WHITE
Valerie, see the below for important security updates for the pansophy ColdFusion server. There are no updates for CF10 and so you need to be on a supported version of CF. In order to get your servers updated, bobby needs to get you all to the new server version he installed a while ago. When do you think that can happen?
Thanks!
Kari
From: Bobby Lawrence <robertl at jlab.org>
Sent: Tuesday, March 24, 2020 4:54 PM
To: Kari Heffner <heffner at jlab.org>; Dana Cochran <cochran at jlab.org>
Subject: FW: MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17) - PATCH: NOW - TLP: WHITE
Looks like we have CF updates to do. I just logged into miswebvm1 and there is an update available to apply
From: Greg Nowicki <gnowicki at jlab.org<mailto:gnowicki at jlab.org>>
Sent: Tuesday, March 24, 2020 4:50 PM
To: Bobby Lawrence <robertl at jlab.org<mailto:robertl at jlab.org>>
Cc: David Sheppard <sheppard at jlab.org<mailto:sheppard at jlab.org>>; secops at jlab.org<mailto:secops at jlab.org>; seclog at jlab.org<mailto:seclog at jlab.org>
Subject: Fw: MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17) - PATCH: NOW - TLP: WHITE
FYI. Looks like we have some serious vulnerabilities in ColdFusion.
Greg
________________________________
From: MS-ISAC Advisory <MS-ISAC.Advisory at msisac.org<mailto:MS-ISAC.Advisory at msisac.org>>
Sent: Wednesday, March 18, 2020 21:49
To: Thomas Duffy <Thomas.Duffy at cisecurity.org<mailto:Thomas.Duffy at cisecurity.org>>
Subject: [EXTERNAL] MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Adobe Acrobat and Reader Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17) - PATCH: NOW - TLP: WHITE
TLP: WHITE
MS-ISAC CYBERSECURITY ADVISORY
MS-ISAC ADVISORY NUMBER:
2020-039
DATE(S) ISSUED:
03/18/2020
SUBJECT:
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution (APSB20-14, 16, 17)
OVERVIEW:
Multiple vulnerabilities have been discovered in Adobe Photoshop, ColdFusion, and Bridge that could allow for arbitrary code execution. Adobe Photoshop is a graphics editor program. Adobe Bridge is a file management application that manages files across multiple Adobe programs. Adobe ColdFusion is a rapid web-application development platform used to create and maintain web applications. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
THREAT INTELLIGENCE:
There are no reports of these vulnerabilities being exploited in the wild.
SYSTEMS AFFECTED:
* Adobe Bridge version 10.0 and earlier versions
* Adobe ColdFusion 2016 Update 13 and earlier versions
· Adobe ColdFusion 2018 Update 7 and earlier versions
* Adobe Photoshop CC 2019 version 20.0.8 and earlier versions
* Adobe Photoshop 2020 version 21.1 and earlier versions
RISK:
Government:
· Large and medium government entities: High
· Small government entities: Medium
Businesses:
· Large and medium business entities: High
· Small business entities: Medium
Home users: Low
TECHNICAL SUMMARY:
Multiple vulnerabilities have been discovered in Adobe Photoshop, ColdFusion, and Bridge that could allow for arbitrary code execution. The vulnerabilities are as follows:
* Out-of-bounds write vulnerability could allow for Arbitrary Code Execution. (CVE-2020-9551)
· Heap-based buffer overflow vulnerability could allow for Arbitrary Code Execution. (CVE-2020-9552)
· Remote file read vulnerability could allow for Arbitrary File Read from the ColdFusion install directory. (CVE-2020-3761)
· File inclusion vulnerability could allow for Arbitrary Code Execution of files located in the webroot or its subdirectory (CVE-2020-3794)
· Heap corruption vulnerability that could allow for Arbitrary Code Execution. (CVE-2020-3783)
· Multiple Memory corruption vulnerabilities that could allow for Arbitrary Code Execution. (CVE-2020-3784, CVE-2020-3785, CVE-2020-3786, CVE-2020-3787, CVE-2020-3788, CVE-2020-3789, CVE-2020-3790)
· Multiple Out-of-bounds read vulnerabilities that could allow for Information Disclosure. (CVE-2020-3771, CVE-2020-3777, CVE-2020-3778, CVE-2020-3781, CVE-2020-3782, CVE-2020-3791)
· Multiple Out-of-bounds write vulnerabilities that could allow for Arbitrary Code Execution. (CVE-2020-3773, CVE-2020-3779)
· Multiple Buffer errors vulnerabilities that could allow for Arbitrary Code Execution. (CVE-2020-3770, CVE-2020-3772, CVE-2020-3774, CVE-2020-3775, CVE-2020-3776, CVE-2020-3780)
Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
RECOMMENDATIONS:
We recommend the following actions be taken:
· Install updates provided by Adobe and related Coldfusion JDK/JRE versions immediately after appropriate testing.
· Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
· Remind users not to visit websites or follow links provided by unknown or untrusted sources.
· Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.
· Apply the Principle of Least Privilege to all systems and services.
REFERENCES:
ADOBE:
https://helpx.adobe.com/security.html<https://urldefense.proofpoint.com/v2/url?u=https-3A__helpx.adobe.com_security.html&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=8L4VaFdWBML2rV7ll5Prvn-Ln1YNGftY5mc3JZGy1AQ&e=>
https://helpx.adobe.com/security/products/bridge/apsb20-17.html<https://urldefense.proofpoint.com/v2/url?u=https-3A__helpx.adobe.com_security_products_bridge_apsb20-2D17.html&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=gz5y_UMZu6dh-mpYEHeqyJCYMojsx6CUqESdq3ICobk&e=>
https://helpx.adobe.com/security/products/coldfusion/apsb20-16.html<https://urldefense.proofpoint.com/v2/url?u=https-3A__helpx.adobe.com_security_products_coldfusion_apsb20-2D16.html&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=QVHvwCuB-h-oFtN0a9Qj0y8-osjlOOjC1D9AX_RFt8o&e=>
https://helpx.adobe.com/security/products/photoshop/apsb20-14.html<https://urldefense.proofpoint.com/v2/url?u=https-3A__helpx.adobe.com_security_products_photoshop_apsb20-2D14.html&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=SGbb-4HsGR6HZYhh6ia9QlvUHVFUqqiITCNWAURdDxU&e=>
CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3761<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3761&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=GFNcPCmgiVNGfLU2ZRQqyZNRQhfRy7ZfzbXMflN6U-0&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3770<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3770&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=KwWSmgI0CB1PcuGE2f0l08FTg1TKzrIkZ6OEZWPXDYk&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3771<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3771&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=P1bfT5UbNLbqB8HExhu0oQZm7eRk6ELRP3kkDhgp4kY&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3772<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3772&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=8Fjuv3Y4FCHe2CiLCsbe-IE0H6MStlQoknbv6L_7Y7Q&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3773<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3773&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=LLxmvx25QJxvD0DY-1VFFQvP-Mfe2W2hFhHfoxWZ78Q&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3774<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3774&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=5meBk8mvpV3zSXN49pAv3Cg8rVmJBjabay4uLZUuOfU&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3775<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3775&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=wK9ELuhpGKU-GzpmwkyzYapd2iE2qwPGZ85gvVid4zQ&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3776<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3776&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=OG66tOQI0EX6_fm6R8Y1uhwRzCaxx3N9E55heCf1tbo&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3777<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3777&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=bDtEI37fzBqOVt3_eOVCm6eem83aXQVe1NF0hDAQWE0&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3778<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3778&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=n6Z0WNu9nRpiFySoKGoarswPH7ggZJvXiYDjtHXPMmw&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3779<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3779&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=G3SS3YmyofAwxkC7tP6NFhdZEcgOzOv02cpA46cqy7k&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3780<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3780&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=m-eSXj2o1_vLJnNegnN-F3UozUJhm75vdGz1X1a8eKo&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3781<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3781&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=-4XHeIsMOrxgQZx1bOgzfVv7UY434eHn-vNx4E7rw2g&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3782<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3782&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=qlh6vHVWrDV4Gwo2_HH0dl5OPWfTSxhPhudJ1KTT2Eo&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3783<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3783&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=_AE2zZN6UtUdQiSr493rGA0bj9z-aiKegD8HiPlh9po&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3784<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3784&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=L7ZfjWVAi-VqxJEMDPOfJFEEwgOgYLk0FppXyhhOcpM&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3785<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3785&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=bXrSK6Jz-XXFod04wR8fPcr9el9qlDVM51smbs31cAI&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3786<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3786&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=jsqumk0Es9iAnTO6wSyO0IyMOcxRnnwa-TkzbfDER3w&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3787<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3787&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=W90p9yO0EPzMP08p9GR93BEGUkdNRWHWbmTQS7C5BcQ&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3788<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3788&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=UdUAlpjJ0-eQxF76yxa-UdPC2SFXulrjEbCtabhsodY&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3789<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3789&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=u2paLgtvtlJRRAA6gXJaAaCZtN6ILoBcr7HYCleP4d8&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3790<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3790&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=LUPJ3GTw1Yw6BglFEK3nPNXXvMTi4mG8AAq6z5ghKsQ&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3791<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3791&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=jyj-SUl2JHz1lSyZI3etRro716Ur23Vg7L9hSS2FURI&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3794<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D3794&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=RHpI2Rfl7cU3Fp23TYQuRqhRUgjXz5fIL8Qonu1kvXQ&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9551<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D9551&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=F7QCfETGEHTi3ZIqg1OwwZF6CZlOdj457mvm0gYHndc&e=>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9552<https://urldefense.proofpoint.com/v2/url?u=http-3A__cve.mitre.org_cgi-2Dbin_cvename.cgi-3Fname-3DCVE-2D2020-2D9552&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=8EgkLfA8VKgFO1UHRo5-DFNHoJAKyKScp7nC9ULtDTA&e=>
24×7 Security Operations Center
Multi-State Information Sharing and Analysis Center (MS-ISAC)
Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC)
31 Tech Valley Drive
East Greenbush, NY 12061
SOC at cisecurity.org<mailto:SOC at cisecurity.org> - 1-866-787-4722
[cid:image001.jpg at 01D40C67.01A3BDE0]
[cid:image002.png at 01D291DE.F838E090]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.facebook.com_CenterforIntSec_&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=E_x3D_2BAVbE2Rf8feq2NgaceAjBx01bX9YZJLovbc4&e=>[cid:image003.png at 01D291DE.F838E090]<https://urldefense.proofpoint.com/v2/url?u=https-3A__twitter.com_CISecurity_&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=lFdse_-DieTBN9Jwgw7eZVSq7MxI0eFI4MkWOItW2vI&e=>[cid:image004.png at 01D291DE.F838E090]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.youtube.com_user_TheCISecurity_&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=3PL2tQmINgFo33iwlKosj2RhzRCFJnZwUMYX4Jbuo-A&e=>[cid:image005.png at 01D291DE.F838E090]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.linkedin.com_company_the-2Dcenter-2Dfor-2Dinternet-2Dsecurity_&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=Th5-sV6QIeEgwl8550_6E0o_luiEaQAJBsBseT5EMaw&m=rBe7oCEj6Pahv47YeitTNPqJw_L2oX01sINjSIB6nJQ&s=KrO7lzwBzM3k4BhinlHzCilRM2mC-n1G5aMKKO68JJM&e=>
TLP: WHITE
Disclosure is not limited. Subject to standard copyright rules, TLP: WHITE information may be distributed without restriction.
This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.
. . . . .
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.jlab.org/pipermail/pansophy/attachments/20200414/c855150f/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 4343 bytes
Desc: image001.jpg
URL: <https://mailman.jlab.org/pipermail/pansophy/attachments/20200414/c855150f/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1355 bytes
Desc: image002.png
URL: <https://mailman.jlab.org/pipermail/pansophy/attachments/20200414/c855150f/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 1475 bytes
Desc: image003.png
URL: <https://mailman.jlab.org/pipermail/pansophy/attachments/20200414/c855150f/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 1339 bytes
Desc: image004.png
URL: <https://mailman.jlab.org/pipermail/pansophy/attachments/20200414/c855150f/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 1396 bytes
Desc: image005.png
URL: <https://mailman.jlab.org/pipermail/pansophy/attachments/20200414/c855150f/attachment-0007.png>
More information about the Pansophy
mailing list