SAP© Security Advisories - 11 2020 - SecurityBridge Cloud Platform

We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.
We hope you enjoy using it!

× Yikes, there is work to do!
This time we found critical correction advisiories. We count 16 and the highest CVSS score is 10.0.

Severity

SAP© Security advisories 16

System Types

Affected SAP© system types

_{Related note}
2979062

_CVSS
9.1

_{Affected system
type}
Java

_Patchday
2020-11

_{Released
on}
2020/11/10

Description
[CVE-2020-26820] Privilege escalation in SAP NetWeaver Application Server for Java (UDDI Server)

Security Advisory

_{Related note}
2971112

_CVSS
4.4

_{Affected system
type}
SAP ERP Client for E-Bilanz

_Patchday
2020-11

_{Released
on}
2020/11/10

Description
[CVE-2020-26807] Incorrect Default Permissions in SAP ERP Client for E-Bilanz 1.0

Security Advisory

_{Related note}
2975189

_CVSS
7.5

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2020-11

_{Released
on}
2020/11/10

Description
[CVE-2020-26809] Information Disclosure in SAP Commerce Cloud

Security Advisory

_{Related note}
2985866

_CVSS
10.0

_{Affected system
type}
Java

_Patchday
2020-11

_{Released
on}
2020/11/10

Description
[Multiple CVE IDs] Missing Authentication Check in SAP Solution Manager (JAVA stack)

Security Advisory

_{Related note}
2973735

_CVSS
9.1

_{Affected system
type}
ABAP

_Patchday
2020-11

_{Released
on}
2020/11/11

Description
[CVE-2020-26808] Code Injection in SAP AS ABAP and S/4 HANA (DMIS)

Security Advisory

_{Related note}
2264508

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2020-11

_{Released
on}
2020/10/27

Description
SQL Injection in SAF-T Portugal

Security Advisory

_{Related note}
2975170

_CVSS
7.5

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2020-11

_{Released
on}
2020/11/10

Description
[CVE-2020-26810] Multiple Vulnerabilities in SAP Commerce Cloud (Accelerator Payment Mock)

Security Advisory

_{Related note}
2944188

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2020-11

_{Released
on}
2020/11/10

Description
[CVE-2020-6316] Missing Authorization Check in SAP ERP and SAP S/4 HANA

Security Advisory

_{Related note}
2319577

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2020-11

_{Released
on}
2020/10/27

Description
SQL Injection in SAF-T Portugal

Security Advisory

_{Related note}
2984627

_CVSS
8.6

_{Affected system
type}
ABAP

_Patchday
2020-11

_{Released
on}
2020/11/10

Description
[CVE-2020-26815] Security Vulnerabilities in SAP Fiori Launchpad (NewsTile Application)

Security Advisory

_{Related note}
2947891

_CVSS
3.0

_{Affected system
type}
ABAP

_Patchday
2020-11

_{Released
on}
2020/11/10

Description
Missing Authorization check in Disbursement Read API used in Read Disbursement Webservice

Security Advisory

_{Related note}
2971954

_CVSS
6.5

_{Affected system
type}
ABAP

_Patchday
2020-11

_{Released
on}
2020/11/10

Description
[CVE-2020-26818] Multiple vulnerabilities in SAP NetWeaver AS ABAP (Web Dynpro)

Security Advisory

_{Related note}
2824209

_CVSS
5.4

_{Affected system
type}
Java

_Patchday
2020-11

_{Released
on}
2020/11/10

Description
Clickjacking vulnerability in SAP Process Integration (Integration Builder Framework)

Security Advisory

_{Related note}
2982840

_CVSS
9.8

_{Affected system
type}
SAP Data Services

_Patchday
2020-11

_{Released
on}
2020/11/10

Description
Multiple Vulnerabilities in SAP Data Services

Security Advisory

_{Related note}
2952084

_CVSS
4.9

_{Affected system
type}
Java

_Patchday
2020-11

_{Released
on}
2020/11/10

Description
[CVE-2020-26814] Information Disclosure in SAP Process Integration (PGP Module – Business-to-Business Add On)

Security Advisory

_{Related note}
2985094

_CVSS
4.3

_{Affected system
type}
SAP 3D Visual Enterprise

_Patchday
2020-11

_{Released
on}
2020/11/10

Description
[CVE-2020-26817] Improper input validation in Visual Enterprise Viewer

Security Advisory

Notifications

Severity

SAP© Security advisories 16

System Types

Affected SAP© system types

Related note 2979062

CVSS 9.1

Affected system type Java

Patchday2020-11

Released on2020/11/10

Related note 2971112

CVSS 4.4

Affected system type SAP ERP Client for E-Bilanz

Patchday2020-11

Released on2020/11/10

Related note 2975189

CVSS 7.5

Affected system type SAP Commerce Cloud

Patchday2020-11

Released on2020/11/10

Related note 2985866

CVSS 10.0

Affected system type Java

Patchday2020-11

Released on2020/11/10

Related note 2973735

CVSS 9.1

Affected system type ABAP

Patchday2020-11

Released on2020/11/11

Related note 2264508

CVSS 5.4

Affected system type ABAP

Patchday2020-11

Released on2020/10/27

Related note 2975170

CVSS 7.5

Affected system type SAP Commerce Cloud

Patchday2020-11

Released on2020/11/10

Related note 2944188

CVSS 4.3

Affected system type ABAP

Patchday2020-11

Released on2020/11/10

Related note 2319577

CVSS 5.4

Affected system type ABAP

Patchday2020-11

Released on2020/10/27

Related note 2984627

CVSS 8.6

Affected system type ABAP

Patchday2020-11

Released on2020/11/10

Related note 2947891

CVSS 3.0

Affected system type ABAP

Patchday2020-11

Released on2020/11/10

Related note 2971954

CVSS 6.5

Affected system type ABAP

Patchday2020-11

Released on2020/11/10

Related note 2824209

CVSS 5.4

Affected system type Java

Patchday2020-11

Released on2020/11/10

Related note 2982840

CVSS 9.8

Affected system type SAP Data Services

Patchday2020-11

Released on2020/11/10

Related note 2952084

CVSS 4.9

Affected system type Java

Patchday2020-11

Released on2020/11/10

_{Related note}
2979062

_CVSS
9.1

_{Affected system
type}
Java

_Patchday
2020-11

_{Released
on}
2020/11/10

_{Related note}
2971112

_CVSS
4.4

_{Affected system
type}
SAP ERP Client for E-Bilanz

_Patchday
2020-11

_{Released
on}
2020/11/10

_{Related note}
2975189

_CVSS
7.5

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2020-11

_{Released
on}
2020/11/10

_{Related note}
2985866

_CVSS
10.0

_{Affected system
type}
Java

_Patchday
2020-11

_{Released
on}
2020/11/10

_{Related note}
2973735

_CVSS
9.1

_{Affected system
type}
ABAP

_Patchday
2020-11

_{Released
on}
2020/11/11

_{Related note}
2264508

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2020-11

_{Released
on}
2020/10/27

_{Related note}
2975170

_CVSS
7.5

_{Affected system
type}
SAP Commerce Cloud

_Patchday
2020-11

_{Released
on}
2020/11/10

_{Related note}
2944188

_CVSS
4.3

_{Affected system
type}
ABAP

_Patchday
2020-11

_{Released
on}
2020/11/10

_{Related note}
2319577

_CVSS
5.4

_{Affected system
type}
ABAP

_Patchday
2020-11

_{Released
on}
2020/10/27

_{Related note}
2984627

_CVSS
8.6

_{Affected system
type}
ABAP

_Patchday
2020-11

_{Released
on}
2020/11/10

_{Related note}
2947891

_CVSS
3.0

_{Affected system
type}
ABAP

_Patchday
2020-11

_{Released
on}
2020/11/10

_{Related note}
2971954

_CVSS
6.5

_{Affected system
type}
ABAP

_Patchday
2020-11

_{Released
on}
2020/11/10

_{Related note}
2824209

_CVSS
5.4

_{Affected system
type}
Java

_Patchday
2020-11

_{Released
on}
2020/11/10

_{Related note}
2982840

_CVSS
9.8

_{Affected system
type}
SAP Data Services

_Patchday
2020-11

_{Released
on}
2020/11/10

_{Related note}
2952084

_CVSS
4.9

_{Affected system
type}
Java

_Patchday
2020-11

_{Released
on}
2020/11/10

_{Related note}
2985094

_CVSS
4.3

_{Affected system
type}
SAP 3D Visual Enterprise

_Patchday
2020-11

_{Released
on}
2020/11/10