UCSF IT Technology

VMware has released a security advisory to address a High vulnerability in Workstation, Fusion, and ESXi. An attacker could exploit this vulnerability to take control of an affected system For a complete description of the vulnerabilities and effected systems, visit VMware Security Advisory. Read more about IT Security service offerings.

VMware has released a security advisory to address a critical vulnerability in Workspace ONE UEM console. An attacker could exploit this vulnerability to obtain sensitive information.  For a complete description of the vulnerabilities and effected systems, visit VMware Security Advisory VMSA-2021-0029

Apache has released an Important security update to address a second vulnerability in the Apache Log4j utility. Patch 2.16.0 has been released since the previous patch 2.15.0 did not fully remediate the vulnerability. A remote attacker could exploit this new vulnerability to cause a Denial of Service (DoS) attack.

The SAP Team has released its December 2021 security updates to address vulnerabilities in various SAP products. A remote attacker could exploit some of these vulnerability to take control of an affected system. For a complete description of the vulnerabilities and effected systems, visit SAP Security Patch Day – December 2021.

Apple has released security updates to address vulnerabilities in multiple products. These updates protect against remote attackers using the vulnerabilities to take control of an affected system. For a complete description of the vulnerabilities and effected systems, visit Apple security updates.

CISA has released an Industrial Controls Systems Medical Advisory (ICSMA) detailing a vulnerability in multiple Hillrom Welch Allyn cardiology products. A remote attacker could exploit this vulnerability to take control of an affected system. For a complete description of the vulnerabilities and effected systems, visit ICSMA-21-343-01: Hillrom Welch Allyn Cardio Products.

Zoho has released critical security updates to address vulnerabilities that is being actively exploited in ManageEngine Desktop and Desktop Central MSP. A remote attacker could exploit this vulnerability to take control of an affected system.

Apache has released a Critical security update to address a zero-day vulnerability that is being actively exploited in the Apache Log4j utility. A remote attacker could exploit this vulnerability to take control of an affected system. For a complete description of the vulnerabilities and effected systems, visit Apache Log4j vulnerability.

SonicWall has released a security advisory to address Critical and Medium Vulnerabilities in SonicWall SMA 100 series appliances. A remote attacker could exploit this vulnerability to take control of an affected system. For a complete description of the vulnerabilities and effected systems, visit SonicWall product security notice.

CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory identifying active exploitation of a critical vulnerability in Zoho ManageEngine ServiceDesk Plus. A remote attacker could exploit this vulnerability to take control of an affected system For a complete description of the vulnerabilities and effected systems, visit: