We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.
We hope you enjoy using it!
This time we found critical correction advisiories. We count 19 and the highest CVSS score is 9.0.
Severity
SAP© Security advisories 19
System Types
Affected SAP© system types
Affected system
type
ABAP
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6301] Missing Authorization check in SAP ERP (HCM Travel Management)
Affected system
type
SAP Commerce
Patchday
2020-08
Released
on
2020/08/11
Description
Vulnerabilities in open source libraries used in SAP Commerce
Affected system
type
Java
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6284] Cross-Site Scripting (XSS) in SAP NetWeaver (Knowledge Management)
Affected system
type
BI/BO platform
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6294] Missing Authentication check in SAP BusinessObjects Business Intelligence Platform
Affected system
type
ABAP
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6273] Missing Authorization check in SAP S/4 HANA (Fiori UI for General Ledger Accounting)
Affected system
type
Java
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6293] Unrestricted File Upload in SAP NetWeaver (Knowledge Management)
Affected system
type
Java
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6309] Missing Authentication check in SAP NetWeaver AS JAVA
Affected system
type
BI/BO platform
Patchday
2020-08
Released
on
2020/08/11
Description
BI Platform stores SAP BW Authentication Password as clear text
Affected system
type
ABAP
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6310] Information Disclosure in SAP NetWeaver (ABAP Server) and ABAP Platform
Affected system
type
Lumira Designer
Patchday
2020-08
Released
on
2020/08/11
Description
Potential information disclosure in Lumira Designer
Affected system
type
ABAP
Patchday
2020-08
Released
on
2020/08/11
Description
Missing Authorization check in TSW Supply Chain Visualization
Affected system
type
ABAP
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6298] Missing Authorization check in SAP Banking Services (Generic Market Data)
Affected system
type
BI/BO platform
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6300] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform(Central Management Console)
Affected system
type
ABAP
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6296] Code Injection Vulnerability in SAP NetWeaver (ABAP) and ABAP Platform
Affected system
type
SAP Adaptive Server...
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6295] Information Disclosure in SAP Adaptive Server Enterprise
Affected system
type
ABAP
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6299] Information Disclosure in SAP NetWeaver (ABAP Server) and ABAP Platform
Affected system
type
SAP Data Hub
Patchday
2020-08
Released
on
2020/08/11
Description
[CVE-2020-6297] Information Disclosure in SAP Data Intelligence
Affected system
type
Java
Patchday
2020-08
Released
on
2018/06/15
Description
Checking server certificates and host name of managed systems
Affected system
type
SAP GUI / Frontend
Patchday
2020-08
Released
on
2020/08/11
Description
Cross-Site Scripting (XSS) vulnerabilities in modified jQuery bundled with SAPUI5