Security Advisories
We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.
We hope you like it!
This time we found critical correction advisiories. We count 12 and the highest CVSS score is 10.0.
Severity
SAP© Security advisories 12
System Types
Affected SAP© system types
Affected system
type
ABAP
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26836] Open Redirect in SAP Solution Manager (Trace Analysis)
Affected system
type
SAP Disclosure Management
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26828] Formula Injection in SAP Disclosure Management
Affected system
type
ABAP
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26832] Missing Authorization check in SAP NetWeaver AS ABAP and SAP S4 HANA (SAP Landscape Transformation)
Affected system
type
Java
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26826] Unrestricted File Upload vulnerability in SAP NetWeaver Application Server for Java (Process Integration Monitoring)
Affected system
type
BI/BO platform
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26831] Missing XML Validation in SAP BusinessObjects Business Intelligence Platform (Crystal Report)
Affected system
type
HANA Platform
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26834 ] Improper authentication in SAP HANA database
Affected system
type
SAP Solution Manager
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26837] Multiple Vulnerabilities in SAP Solution Manager 7.2 (User Experience Monitoring)
Affected system
type
ABAP
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26835] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP
Affected system
type
ABAP
Patchday
2020-12
Released
on
2020/11/24
Description
Missing Authorization check in S/4HANA (Central Finance)
Affected system
type
Java
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26829] Missing Authentication Check in SAP NetWeaver AS JAVA (P2P Cluster Communication)
Affected system
type
ABAP
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26838] Code Injection vulnerability in SAP Business Warehouse (Master Data Management) and SAP BW4HANA
Affected system
type
Java
Patchday
2020-12
Released
on
2020/12/08
Description
[CVE-2020-26816] Missing Encryption in SAP NetWeaver AS Java (Key Storage Service)