Security Advisories

We've created the first of its kind, SecurityBridge ^{Cloud Platform} to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!

× Hey there! Glad you made it.
We have found 11 security advices for you to review.

Severity

SAP© Security advisories 11

System Types

Affected SAP© system types

_{Related note}
2165892

_CVSS
6.3

_{Affected system
type}
ABAP

_Patchday
2020-01

_{Released
on}
2020/01/14

Description
Missing authorization check in Transaction Manager

Security Advisory

_{Related note}
2863743

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2020-01

_{Released
on}
2020/01/14

Description
[CVE-2020-6305] Cross-Site Scripting (XSS) vulnerability in Rest Adapter of SAP Process Integration

Security Advisory

_{Related note}
2871877

_CVSS
8.3

_{Affected system
type}
ABAP

_Patchday
2020-01

_{Released
on}
2019/12/24

Description
Multiple security vulnerabilities in SAP EAM, add-on for MRO 4.0 by HCL for SAP S/4HANA 1809

Security Advisory

_{Related note}
2772325

_CVSS
5.4

_{Affected system
type}
SAP Disclosure Management

_Patchday
2020-01

_{Released
on}
2020/01/13

Description
[CVE-2020-6303] Improper input validation in SAP Disclosure Management

Security Advisory

_{Related note}
2845401

_CVSS
5.4

_{Affected system
type}
Realtech

_Patchday
2020-01

_{Released
on}
2020/01/14

Description
Missing Authorization check in Realtech RTCISM 100

Security Advisory

_{Related note}
2865348

_CVSS
2.7

_{Affected system
type}
ABAP

_Patchday
2020-01

_{Released
on}
2020/01/14

Description
[CVE-2020-6306] Missing Authorization check in SAP Leasing

Security Advisory

_{Related note}
2843016

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2020-01

_{Released
on}
2019/11/12

Description
[CVE-2019-0388] Content spoofing vulnerability in UI5 HTTP Handler

Security Advisory

_{Related note}
2863397

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2020-01

_{Released
on}
2020/01/14

Description
[CVE-2020-6307] Missing Authorization Check in Automated Note Search Tool (SAP_BASIS)

Security Advisory

_{Related note}
2142551

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2020-01

_{Released
on}
2016/07/12

Description
Whitelist service for Clickjacking Framing Protection in AS ABAP

Security Advisory

_{Related note}
2495462

_CVSS
6.3

_{Affected system
type}
ABAP

_Patchday
2020-01

_{Released
on}
2020/01/14

Description
Switchable Authorization checks for RFC in SAP Leasing

Security Advisory

_{Related note}
2848498

_CVSS
5.9

_{Affected system
type}
Kernel

_Patchday
2020-01

_{Released
on}
2020/01/14

Description
[CVE-2020-6304] Denial of service (DOS) in SAP NetWeaver Internet Communication Manager

Security Advisory

Notifications

Security Advisories

Severity

SAP© Security advisories 11

System Types

Affected SAP© system types

Related note 2165892

CVSS 6.3

Affected system type ABAP

Patchday2020-01

Released on2020/01/14

Related note 2863743

CVSS 6.1

Affected system type Java

Patchday2020-01

Released on2020/01/14

Related note 2871877

CVSS 8.3

Affected system type ABAP

Patchday2020-01

Released on2019/12/24

Related note 2772325

CVSS 5.4

Affected system type SAP Disclosure Management

Patchday2020-01

Released on2020/01/13

Related note 2845401

CVSS 5.4

Affected system type Realtech

Patchday2020-01

Released on2020/01/14

Related note 2865348

CVSS 2.7

Affected system type ABAP

Patchday2020-01

Released on2020/01/14

Related note 2843016

CVSS 4.3

Affected system type ABAP

Patchday2020-01

Released on2019/11/12

Related note 2863397

CVSS 4.3

Affected system type ABAP

Patchday2020-01

Released on2020/01/14

Related note 2142551

CVSS 4.3

Affected system type ABAP

Patchday2020-01

Released on2016/07/12

Related note 2495462

CVSS 6.3

Affected system type ABAP

Patchday2020-01

Released on2020/01/14

Related note 2848498

CVSS 5.9

Affected system type Kernel

Patchday2020-01

Released on2020/01/14

_{Related note}
2165892

_CVSS
6.3

_{Affected system
type}
ABAP

_Patchday
2020-01

_{Released
on}
2020/01/14

_{Related note}
2863743

_CVSS
6.1

_{Affected system
type}
Java

_Patchday
2020-01

_{Released
on}
2020/01/14

_{Related note}
2871877

_CVSS
8.3

_{Affected system
type}
ABAP

_Patchday
2020-01

_{Released
on}
2019/12/24

_{Related note}
2772325

_CVSS
5.4

_{Affected system
type}
SAP Disclosure Management

_Patchday
2020-01

_{Released
on}
2020/01/13

_{Related note}
2845401

_CVSS
5.4

_{Affected system
type}
Realtech

_Patchday
2020-01

_{Released
on}
2020/01/14

_{Related note}
2865348

_CVSS
2.7

_{Affected system
type}
ABAP

_Patchday
2020-01

_{Released
on}
2020/01/14

_{Related note}
2843016

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2020-01

_{Released
on}
2019/11/12

_{Related note}
2863397

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2020-01

_{Released
on}
2020/01/14

_{Related note}
2142551

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2020-01

_{Released
on}
2016/07/12

_{Related note}
2495462

_CVSS
6.3

_{Affected system
type}
ABAP

_Patchday
2020-01

_{Released
on}
2020/01/14

_{Related note}
2848498

_CVSS
5.9

_{Affected system
type}
Kernel

_Patchday
2020-01

_{Released
on}
2020/01/14