In September 2020, Cisco patched four Jabber vulnerabilities (including one wormable RCE flaw), but as it turns out, three of four have not been sufficiently mitigated. The incompleteness of the patches was discovered by Watchcom researchers – who discovered and disclosed the batch of vulnerabilities made public in September – after one of their clients requested they verify the effectiveness of Cisco’s patches.

Read full article on Help Net Security