Monthly Patches are out for SAP and Siemens, with one SAP patch rating Critical. New Alerts for F5 and Linux.
Schneider Electric, Microsoft, Adobe, and Oracle patches will come out later today.
The Hot News SAP patch affects Internet facing SAP systems, and earned an Alert Notice from CISA, urging to patch within 24 hours.
We have raised the Overall Alert state to Increased based on the nature of the SAP and Siemens patches, and the expectation of four more vendors with large patch sets reporting later today.
Critical Vulnerability in SAP NetWeaver AS Java | CISA
On July 13, 2020 EST, SAP released a security update to address a critical vulnerability, CVE-2020-6287, affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard. An unauthenticated attacker can exploit this vulnerability through the Hypertext Transfer Protocol (HTTP) to take control of trusted SAP applications.