Remote Help

Serial number:AV26-547
Date: June 3, 2026
Updated: June 25, 2026

On June 3, 2026, Cisco published security advisories to address vulnerabilities in multiple products. Included was a critical update for the following:

• Cisco Unified Communications Manager (CM) Release 14 – versions prior to 14SU6
• Cisco Unified Communications Manager (CM) Release 15 – versions prior to 15SU5 (Sep 2026) or COP
• Cisco Unified Communications Manager Session Management Edition (CM SME) release 14 – versions prior to 14SU6
• Cisco Unified Communications Manager Session Management Edition (CM SME) release 15 – versions prior to 15SU5 (Sep 2026) or COP

Cisco has indicated that a proof-of-concept exploit code is available for CVE-2026-20230.

Update 1
On June 25, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20230 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability
• Cisco Security Advisories
• CISA KEV: CVE-2026-20230

Serial number:AV26-633
Date:June 25, 2026

On June 25, 2026, HPE published a security advisory to address a critical vulnerability in the following product:

• HPE Telco Service Orchestrator – versions prior to v5.6.1

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• HPESBNW05070 rev.1 - HPE Telco Service Orchestrator Software, Multiple Vulnerabilities
• HPE Security Bulletin Library

Serial number:AV26-632
Date:June 25, 2026

On June 24, 2026, HPE published a security advisory to address a vulnerability in the following product:

• HPE Unified Correlation Analyzer (UCA) – versions prior to 4.4.10

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• HPESBNW05073 rev.1 - HPE Telco Unified Correlation and Automation (UCA), Multiple Vulnerabilities
• HPE Security Bulletin Library

Serial number:AV26-631
Date: June 25, 2026

On June 24, 2026, Drupal published security advisories to address vulnerabilities in a number of products. Included were critical updates for the following:

• Geolocation Field – versions prior to 3.15.0
• WissKI – versions prior to 4.2.0

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations.

• Geolocation Field - Critical - SQL Injection - SA-CONTRIB-2026-062
• WissKI - Critical - Access bypass - SA-CONTRIB-2026-059
• Drupal Security Advisories

Serial number: AV26-630
Date: June 24, 2026

On June 24, 2026, GitLab published a security advisory to address vulnerabilities in the following products:

• GitLab Community Edition (CE) – versions prior to 19.1.1, 19.0.3 and 18.11.6
• GitLab Enterprise Edition (EE) – versions prior to 19.1.1, 19.0.3 and 18.11.6

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• GitLab Patch Release: 19.1.1, 19.0.3, 18.11.6
• GitLab Releases

Serial number:AV26-629
Date:June 24, 2026

On June 24, 2026, Jenkins published a security advisory to address vulnerabilities in the following products:

• Assembla Plugin – versions prior to 1.4
• External Workspace Manager Plugin – versions prior to 1.3.2
• OWASP ZAP Plugin – versions prior to 1.0.7
• Script Security Plugin – versions prior to 1402.v94c9ce464861

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• XXE vulnerability in Assembla Plugin
• Path traversal vulnerability in External Workspace Manager Plugin
• Builds executed on the Jenkins controller by OWASP ZAP Plugin can lead to RCE
• Script security bypass vulnerability in Script Security Plugin
• Sandbox bypass vulnerability in Script Security Plugin
• Jenkins Security Advisories