We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.
We hope you enjoy using it!
This time we found critical correction advisories. We count 19, and the highest CVSS score is 10.0.
[Charts: Severity (SAP© Security advisories: 19); System Types (Affected SAP© system types)]
| Affected system type | Patchday | Released on | Description |
|---|---|---|---|
| ABAP | 2020-02 | 2014/09/17 | Missing authorization check in IS-B-BCA-AM |
| BI/BO platform | 2020-02 | 2020/02/11 | [CVE-2020-6189] Information Disclosure in SAP BusinessObjects BI Central Management Console |
| SAP Mobile Platform | 2020-02 | 2020/01/14 | Missing Authorization Check in SAP Mobile Platform Native SDK, Android |
| SAP Host Agent | 2020-02 | 2020/02/11 | [CVE-2020-6183] Unprivileged Access to technical data using SAPOSCOL of SAP Host Agent |
| SAP Host Agent | 2020-02 | 2020/02/11 | [CVE-2020-6186] Denial of Service (DOS) Vulnerability in SAP Host Agent |
| Java | 2020-02 | 2020/02/11 | [CVE-2020-6193] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (Knowledge Management ICE Service) |
| ABAP | 2020-02 | 2020/02/11 | [CVE-2020-6181] HTTP Response Splitting vulnerability in SAP NetWeaver and ABAP Platform |
| SAP Landscape Management | 2020-02 | 2020/02/11 | [CVE-2020-6191] Missing Input Validation in SAP Landscape Management |
| SAP Mobile Platform | 2020-02 | 2020/02/11 | [CVE-2020-6177] Missing XML Validation vulnerability in SAP Mobile Platform |
| ABAP | 2020-02 | 2020/01/14 | Missing Authorization check in SAP NetWeaver (ABAP Server) |
| SAP GUI / Frontend | 2020-02 | 2018/04/10 | Security updates for the browser control Google Chromium delivered with SAP Business Client |
| ABAP | 2020-02 | 2020/02/11 | [CVE-2020-6184] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver and SAP S/4HANA |
| Java | 2020-02 | 2020/02/11 | [CVE-2020-6190] Information Disclosure in SAP NetWeaver AS Java (Heap Dump Application) |
| Java | 2020-02 | 2020/02/11 | [CVE-2020-6187] Missing XML Validation vulnerability in SAP NetWeaver (Guided Procedures) |
| ABAP | 2020-02 | 2019/03/12 | [CVE-2019-0271] Denial of Service via XML External Entity (XXE) vulnerability in ABAP Server |
| SAP Landscape Management | 2020-02 | 2020/02/11 | [CVE-2020-6192] Missing Input Validation in SAP Landscape Management |
| ABAP | 2020-02 | 2020/02/11 | Update 1 to Security Note 2736825 - [CVE-2019-0271] Denial of Service via XML External Entity (XXE) vulnerability in ABAP Server |
| ABAP | 2020-02 | 2020/02/11 | Missing authorization check in Dangerous Goods Management of EHS Services in SCM |
| ABAP | 2020-02 | 2020/02/11 | [CVE-2020-6188] Missing Authorization check in SAP ERP and S/4 HANA (VAT Pro-Rata reports) |