Tripwire's October 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Apple, Adobe, and Oracle.

First on the patch priority list this month is a very high priority vulnerability in Oracle WebLogic Server. The vulnerability is within the Console component of Oracle WebLogic Server, and it can be exploited without authentication and requires no user interaction. Proof-of-concept code is available and does not require significant expertise in order to exploit a vulnerable server. Supported versions of Oracle WebLogic Server that are affected include,,, and

Next on the list are three vulnerabilities that have recently been included within the Metasploit exploit framework. First is a patch for Microsoft SharePoint (CVE-2020-16952). It is a remote code execution vulnerability that exists due to a server-side include (SSI) weakness. Next are two vulnerabilities that impact Apple software. CVE-2020-9856 is a vulnerability that exists in the CVMS component of macOS Catalina 10.15.5. The second (CVE-2020-9850) is a vulnerability that exists in WebKit for various Apple products, and it is addressed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, and iCloud for Windows 7.19.

Up next on the patch priority list this month are patches for Microsoft Edge (Chromium-Based). These patches resolve 24 vulnerabilities that exist due to issues such as use after free, inappropriate implementation, insufficient policy enforcement, and integer overflow.

Up next is a patch for Adobe Flash Player, which resolves an arbitrary code execution vulnerability due to a NULL pointer dereference.

Next are patches for Oracle Java, which resolve