SAP© Security Advisories - 11 2019 - SecurityBridge Cloud Platform

We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!

× Yikes, there is work to do!
This time we found critical correction advisiories. We count 12 and the highest CVSS score is 9.1.

Severity

SAP© Security advisories 12

System Types

Affected SAP© system types

_{Related note}
2816035

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2019-11

_{Released
on}
2019/11/12

Description
[CVE-2019-0393] SQL injection vulnerability in SAP Quality Management

Security Advisory

_{Related note}
2814007

_CVSS
7.1

_{Affected system
type}
BI/BO platform

_Patchday
2019-11

_{Released
on}
2019/11/12

Description
[CVE-2019-0396] Missing XML Validation vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)

Security Advisory

_{Related note}
2814357

_CVSS
5.9

_{Affected system
type}
Java

_Patchday
2019-11

_{Released
on}
2019/11/12

Description
[CVE-2019-0389] Privilege escalation in SAP NetWeaver Application Server Java

Security Advisory

_{Related note}
2833771

_CVSS
6.5

_{Affected system
type}
SAP Enable Now

_Patchday
2019-11

_{Released
on}
2019/11/12

Description
[CVE-2019-0385] Cross-Site Scripting (XSS) vulnerability in SAP Enable Now

Security Advisory

_{Related note}
2817937

_CVSS
5.4

_{Affected system
type}
BI/BO platform

_Patchday
2019-11

_{Released
on}
2019/11/12

Description
[CVE-2019-0382] XSS vulnerabilty in SAP Business Objects BI Platform (Web Intelligence)

Security Advisory

_{Related note}
2835226

_CVSS
4.3

_{Affected system
type}
Java

_Patchday
2019-11

_{Released
on}
2019/11/12

Description
[CVE-2019-0391] Information Disclosure in SAP NetWeaver Application Server Java (eCATT service)

Security Advisory

_{Related note}
2840520

_CVSS
6.3

_{Affected system
type}
ABAP

_Patchday
2019-11

_{Released
on}
2019/11/12

Description
[CVE-2019-0386] - Missing authorization check in ERP Sales and SAP S/4HANA sales (SD-SLS)

Security Advisory

_{Related note}
2839864

_CVSS
9.1

_{Affected system
type}
Java

_Patchday
2019-11

_{Released
on}
2019/11/12

Description
Update 2 to Security Note 2808158: [CVE-2019-0330] OS Command Injection vulnerability in SAP Diagnostics Agent

Security Advisory

_{Related note}
2842034

_CVSS
5.0

_{Affected system
type}
SAP Data Hub

_Patchday
2019-11

_{Released
on}
2019/11/12

Description
[CVE-2019-0390] Information Disclosure in SAP Data Hub

Security Advisory

_{Related note}
2828981

_CVSS
6.3

_{Affected system
type}
ABAP

_Patchday
2019-11

_{Released
on}
2019/11/12

Description
[CVE-2019-0384] Missing Authorization check in SAP Treasury and Risk Management (Transaction Management)

Security Advisory

_{Related note}
2819170

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2019-11

_{Released
on}
2019/11/12

Description
[CVE-2019-0383] Missing Authorization check in SAP Treasury and Risk Management (Transaction Management)

Notifications

Severity

SAP© Security advisories 12

System Types

Affected SAP© system types

Related note 2816035

CVSS 5.4

Affected system type ABAP

Patchday2019-11

Released on2019/11/12

Related note 2814007

CVSS 7.1

Affected system type BI/BO platform

Patchday2019-11

Released on2019/11/12

Related note 2814357

CVSS 5.9

Affected system type Java

Patchday2019-11

Released on2019/11/12

Related note 2833771

CVSS 6.5

Affected system type SAP Enable Now

Patchday2019-11

Released on2019/11/12

Related note 2817937

CVSS 5.4

Affected system type BI/BO platform

Patchday2019-11

Released on2019/11/12

Related note 2835226

CVSS 4.3

Affected system type Java

Patchday2019-11

Released on2019/11/12

Related note 2840520

CVSS 6.3

Affected system type ABAP

Patchday2019-11

Released on2019/11/12

Related note 2839864

CVSS 9.1

Affected system type Java

Patchday2019-11

Released on2019/11/12

Related note 2842034

CVSS 5.0

Affected system type SAP Data Hub

Patchday2019-11

Released on2019/11/12

Related note 2828981

CVSS 6.3

Affected system type ABAP

Patchday2019-11

Released on2019/11/12

Related note 2819170

CVSS 4.3

Affected system type ABAP

Patchday2019-11

Released on2019/11/12

Related note 2393937

CVSS 7.1

Affected system type ABAP

Patchday2019-11

Released on2019/11/12

_{Related note}
2816035

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2019-11

_{Released
on}
2019/11/12

_{Related note}
2814007

_CVSS
7.1

_{Affected system
type}
BI/BO platform

_Patchday
2019-11

_{Released
on}
2019/11/12

_{Related note}
2814357

_CVSS
5.9

_{Affected system
type}
Java

_Patchday
2019-11

_{Released
on}
2019/11/12

_{Related note}
2833771

_CVSS
6.5

_{Affected system
type}
SAP Enable Now

_Patchday
2019-11

_{Released
on}
2019/11/12

_{Related note}
2817937

_CVSS
5.4

_{Affected system
type}
BI/BO platform

_Patchday
2019-11

_{Released
on}
2019/11/12

_{Related note}
2835226

_CVSS
4.3

_{Affected system
type}
Java

_Patchday
2019-11

_{Released
on}
2019/11/12

_{Related note}
2840520

_CVSS
6.3

_{Affected system
type}
ABAP

_Patchday
2019-11

_{Released
on}
2019/11/12

_{Related note}
2839864

_CVSS
9.1

_{Affected system
type}
Java

_Patchday
2019-11

_{Released
on}
2019/11/12

_{Related note}
2842034

_CVSS
5.0

_{Affected system
type}
SAP Data Hub

_Patchday
2019-11

_{Released
on}
2019/11/12

_{Related note}
2828981

_CVSS
6.3

_{Affected system
type}
ABAP

_Patchday
2019-11

_{Released
on}
2019/11/12

_{Related note}
2819170

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2019-11

_{Released
on}
2019/11/12

_{Related note}
2393937

_CVSS
7.1

_{Affected system
type}
ABAP

_Patchday
2019-11

_{Released
on}
2019/11/12