Security Advisories
We've created the first of its kind, ABEX Security Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.
We hope you like it!
This time we found critical correction advisiories. We count 111 and the highest CVSS score is 10.0.
Severity
SAP© Security advisories 111
System Types
Affected SAP© system types
Affected system
type
SAP Cloud Commerce
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6265] Use of Hard-coded Credentials in SAP Commerce and SAP Commerce Datahub
Affected system
type
SAP Success Factors
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6279] Missing Authorization Check in SAP SuccessFactors Recruiting
Affected system
type
Java
Patchday
2020-06
Released
on
2020/06/09
Description
[CVE-2020-6271] Missing XML Validation in SAP Solution Manager (Problem Context Manager)
Affected system
type
Java
Patchday
2020-06
Released
on
2020/06/09
Description
Ghostcat' Apache Tomcat AJP Vulnerability in SAP Liquidity Management for Banking
Affected system
type
ABAP
Patchday
2020-06
Released
on
2020/06/09
Description
Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI
Affected system
type
Adobe LiveCycle Designer
Patchday
2020-06
Released
on
2020/06/09
Description
Multiple vulnerabilities in Adobe LiveCycle Designer 11.0
Affected system
type
SAP Adaptive Server Enterprise (ASE)
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6259] Missing authorization check in SAP Adaptive Server Enterprise
Affected system
type
ABAP
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6262] Code Injection vulnerability in Service Data Download
Affected system
type
SAP Adaptive Server Enterprise (ASE)
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6243] Code Injection in SAP Adaptive Server Enterprise (XP Server on Windows Platform)
Affected system
type
SAP IDM
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6258] Missing Authorization check in SAP Identity Management
Affected system
type
SAP Adaptive Server Enterprise (ASE)
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6241] SQL Injection vulnerability in SAP Adaptive Server Enterprise
Affected system
type
SAP Adaptive Server Enterprise (ASE)
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6250] Information Disclosure in SAP Adaptive Server Enterprise
Affected system
type
SAP Adaptive Server Enterprise (ASE)
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6253] SQL Injection vulnerability in SAP Adaptive Server Enterprise (Web Services)
Affected system
type
SAP Adaptive Server Enterprise (ASE)
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6252] Information Disclosure in SAP Adaptive Server Enterprise (Cockpit)
Affected system
type
SAP Adaptive Server Enterprise (ASE)
Patchday
2020-05
Released
on
2020/05/12
Description
[CVE-2020-6248] Code injection in SAP Adaptive Server Enterprise (Backup Server)
Affected system
type
SAPGUI / Frontend
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6228] Missing Integrity Check in SAP BUSINESS CLIENT
Affected system
type
BI/BO platform
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6227] Remote unauthenticated log injection in SAP Business Objects Business Intelligence Platform (CMS / Auditing issues)
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6212] Missing Authorization Check in SAP ERP & S/4 HANA (Egypt localized Withholding Tax reports)
Affected system
type
BI/BO platform
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6219] Deserialization of Untrusted Data in SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer)
Affected system
type
SAP Solution Manager
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6235] Missing authentication check in SAP Solution Manager (Diagnostics Agent )
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6217] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages Test Application IT05)
Affected system
type
Java
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6225] Directory Traversal vulnerability in SAP NetWeaver (Knowledge Management)
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6214] Incorrect Authorization in SAP S/4HANA (Financial Products Subledger)
Affected system
type
BI/BO platform
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6237] Information Disclosure in SAP Business Objects Business Intelligence Platform (dswsbobje Web Application)
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6229] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)
Affected system
type
Java
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6224] Information Disclosure in SAP NetWeaver Application Server Java (HTTP Service)
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6233] Missing Authorization Check in SAP S/4 HANA (Financial Products Subledger and Banking Services)
Affected system
type
SAP Landscape Management
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6236] Privilege Escalation in SAP Landscape Management (SAP Adaptive Extensions)
Affected system
type
SAP Host Agent
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6234] Privilege Escalation in SAP Host Agent
Affected system
type
SAP Commerce Cloud
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6238] Missing XML Validation vulnerability in SAP Commerce
Affected system
type
SAP Orient DB
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6230] Code Injection vulnerability in SAP OrientDB 3.0
Affected system
type
BI/BO platform
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6222] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)
Affected system
type
SAP Commerce Cloud
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6232] Missing Authorization check in SAP Commerce
Affected system
type
BI/BO platform
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6195] Multiple vulnerabilities in SAP Business Objects Business Intelligence Platform
Affected system
type
BI/BO platform
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6216] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (BILaunchpad/Opendocument)
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6215] URL Redirection vulnerability in SAP NetWeaver AS ABAP – Business Server Pages Test Application IT00
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6213]Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP(Business Server Pages Test Application SBSPEXT_PHTMLB)
Affected system
type
ABAP
Patchday
2020-04
Released
on
2020/03/12
Description
Switchable Authorization checks in SAP Supplier Relationship Management
Affected system
type
BI/BO platform
Patchday
2020-04
Released
on
2020/04/14
Description
[CVE-2020-6226] Cross-Site Scripting (XSS) vulnerabilities in SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface)
Affected system
type
ABAP
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6205] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP Business Server Pages (Smart Forms)
Affected system
type
ABAP
Patchday
2020-03
Released
on
2020/03/10
Description
Missing Authorization check in Commercial Project Management
Affected system
type
SAP Enable Now
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6178] Insufficient session expiration in SAP Enable Now Manager
Affected system
type
ABAP
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6199] Missing Authorization check in SAP ERP and S/4 HANA (MENA Certificate Management)
Affected system
type
ABAP
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6210] Cross-Site Scripting (XSS) vulnerability in SAP Fiori Launchpad
Affected system
type
ABAP
Patchday
2020-03
Released
on
2020/03/10
Description
Directory traversal in SAP Environment Health and Safety
Affected system
type
SAP Commerce Cloud
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6200] Cross-Site-Scripting in SAP Commerce Cloud (SmartEdit extension)
Affected system
type
SAP Commerce Cloud
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6201] Cross-Site Scripting (XSS) vulnerability in SAP Commerce Cloud (testweb extension)
Affected system
type
ABAP Development Tools
Patchday
2020-03
Released
on
2020/03/10
Description
Missing XML Validation vulnerability in ABAP Development Tools
Affected system
type
Java
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6202] Missing XML Validation in SAP NetWeaver Application Server Java (User Management Engine)
Affected system
type
Java
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6207] Missing Authentication Check in SAP Solution Manager (User-Experience Monitoring)
Affected system
type
Java
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6198] Missing Authentication check in SAP Solution Manager (Diagnostics Agent)
Affected system
type
SAP MaxDB
Patchday
2020-03
Released
on
2018/08/14
Description
[CVE-2018-2450] SQL Injection Vulnerability in SAP MaxDB/liveCache
Affected system
type
Java
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6203] Path Manipulation in SAP NetWeaver UDDI Server(Services Registry)
Affected system
type
BI/BO platform
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6196] Denial of service (DOS) in SAP BusinessObjects Mobile (MobileBIService)
Affected system
type
ABAP
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6204] Missing Authorization check in SAP Treasury and Risk Management (Transaction Management)
Affected system
type
SAP Enable Now
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6197] Insufficient session expiration in SAP Enable Now Manager
Affected system
type
SAP Disclosure Management
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6209] Missing Authorization check in SAP Disclosure Management
Affected system
type
SAP CPI DS
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6206] Cross-Site Request Forgery in SAP Cloud Platform Integration for data services
Affected system
type
BI/BO platform
Patchday
2020-03
Released
on
2020/03/10
Description
[CVE-2020-6208] Remote Code Execution in SAP Business Objects Business Intelligence Platform (Crystal Reports)
Affected system
type
ABAP
Patchday
2020-02
Released
on
2020/02/11
Description
Update 1 to Security Note 2736825 - [CVE-2019-0271] Denial of Service via XML External Entity (XXE) vulnerability in ABAP Server
Affected system
type
SAP Mobile Platform
Patchday
2020-02
Released
on
2020/01/14
Description
Missing Authorization Check in SAP Mobile Platform Native SDK, Android
Affected system
type
ABAP
Patchday
2020-02
Released
on
2014/09/17
Description
Missing authorization check in IS-B-BCA-AM
Affected system
type
SAP Landscape Management
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6192] Missing Input Validation in SAP Landscape Management
Affected system
type
SAP Host Agent
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6183] Unprivileged Access to technical data using SAPOSCOL of SAP Host Agent
Affected system
type
SAP Host Agent
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6186] Denial of Service (DOS) Vulnerability in SAP Host Agent
Affected system
type
ABAP
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6181] HTTP Response Splitting vulnerability in SAP NetWeaver and ABAP Platform
Affected system
type
ABAP
Patchday
2020-02
Released
on
2020/02/11
Description
Missing authorization check in Dangerous Goods Management of EHS Services in SCM
Affected system
type
SAP Landscape Management
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6191] Missing Input Validation in SAP Landscape Management
Affected system
type
BI/BO platform
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6189] Information Disclosure in SAP BusinessObjects BI Central Management Console
Affected system
type
Java
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6193]Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (Knowledge Management ICE Service)
Affected system
type
ABAP
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6188] Missing Authorization check in SAP ERP and S/4 HANA (VAT Pro-Rata reports)
Affected system
type
SAP Mobile Platform
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6177] Missing XML Validation vulnerability in SAP Mobile Platform
Affected system
type
ABAP
Patchday
2020-02
Released
on
2020/01/14
Description
Missing Authorization check in SAP NetWeaver (ABAP Server)
Affected system
type
ABAP
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6184 ]Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver and SAP S/4HANA
Affected system
type
Java
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6190]Information Disclosure in SAP NetWeaver AS Java (Heap Dump Application)
Affected system
type
ABAP
Patchday
2020-02
Released
on
2019/03/12
Description
[CVE-2019-0271] Denial of Service via XML External Entity (XXE) vulnerability in ABAP Server
Affected system
type
SAPGUI / Frontend
Patchday
2020-02
Released
on
2018/04/10
Description
Security updates for the browser control Google Chromium delivered with SAP Business Client
Affected system
type
Java
Patchday
2020-02
Released
on
2020/02/11
Description
[CVE-2020-6187]Missing XML Validation vulnerability in SAP NetWeaver(Guided Procedures)
Affected system
type
Kernel
Patchday
2020-01
Released
on
2020/01/14
Description
[CVE-2020-6304] Denial of service (DOS) in SAP NetWeaver Internet Communication Manager
Affected system
type
ABAP
Patchday
2020-01
Released
on
2020/01/14
Description
Missing authorization check in Transaction Manager
Affected system
type
ABAP
Patchday
2020-01
Released
on
2019/11/12
Description
[CVE-2019-0388] Content spoofing vulnerability in UI5 HTTP Handler
Affected system
type
ABAP
Patchday
2020-01
Released
on
2016/07/12
Description
Whitelist service for Clickjacking Framing Protection in AS ABAP
Affected system
type
ABAP
Patchday
2020-01
Released
on
2020/01/14
Description
[CVE-2020-6306] Missing Authorization check in SAP Leasing
Affected system
type
ABAP
Patchday
2020-01
Released
on
2020/01/14
Description
Switchable Authorization checks for RFC in SAP Leasing
Affected system
type
Realtech
Patchday
2020-01
Released
on
2020/01/14
Description
Missing Authorization check in Realtech RTCISM 100
Affected system
type
SAP Disclosure Management
Patchday
2020-01
Released
on
2020/01/13
Description
[CVE-2020-6303] Improper input validation in SAP Disclosure Management
Affected system
type
Java
Patchday
2020-01
Released
on
2020/01/14
Description
[CVE-2020-6305] Cross-Site Scripting (XSS) vulnerability in Rest Adapter of SAP Process Integration
Affected system
type
ABAP
Patchday
2020-01
Released
on
2020/01/14
Description
[CVE-2020-6307] Missing Authorization Check in Automated Note Search Tool (SAP_BASIS)
Affected system
type
ABAP
Patchday
2020-01
Released
on
2019/12/24
Description
Multiple security vulnerabilities in SAP EAM, add-on for MRO 4.0 by HCL for SAP S/4HANA 1809
Affected system
type
SAP Enable Now
Patchday
2019-12
Released
on
2019/12/10
Description
[CVE-2019-0405] Multiple Security vulnerabilities in SAP Enable Now release 1911
Affected system
type
SAP Adaptive Server Enterprise (ASE)
Patchday
2019-12
Released
on
2019/12/10
Description
[CVE-2019-0402] Information Disclosure in SAP Adaptive Server Enterprise
Affected system
type
Java
Patchday
2019-12
Released
on
2019/12/10
Description
Information Disclosure in PI Axis Adapter
Affected system
type
Java
Patchday
2019-12
Released
on
2019/12/10
Description
Upgrade SSL support to TLSv1.2
Affected system
type
BI/BO platform
Patchday
2019-12
Released
on
2019/12/10
Description
[CVE-2019-0398] Cross-Site Request Forgery (CSRF) vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring application)
Affected system
type
ABAP
Patchday
2019-12
Released
on
2019/12/10
Description
Missing Authorization Check in SAP Cash Management
Affected system
type
ABAP
Patchday
2019-12
Released
on
2019/12/10
Description
[CVE-2019-0399] Potential Information Disclosure in SAP Portfolio and Project Management
Affected system
type
ABAP
Patchday
2019-12
Released
on
2019/11/26
Description
Missing Authorization Check in S/4Hana ACR Brazil Option Features
Affected system
type
BI/BO platform
Patchday
2019-12
Released
on
2019/12/10
Description
[CVE-2019-0395] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad)
Affected system
type
ABAP
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0384] Missing Authorization check in SAP Treasury and Risk Management (Transaction Management)
Affected system
type
BI/BO platform
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0382] XSS vulnerabilty in SAP Business Objects BI Platform (Web Intelligence)
Affected system
type
ABAP
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0383] Missing Authorization check in SAP Treasury and Risk Management (Transaction Management)
Affected system
type
SAP Enable Now
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0385] Cross-Site Scripting (XSS) vulnerability in SAP Enable Now
Affected system
type
ABAP
Patchday
2019-11
Released
on
2019/11/12
Description
VMC Authority Check
Affected system
type
Java
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0389] Privilege escalation in SAP NetWeaver Application Server Java
Affected system
type
BI/BO platform
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0396] Missing XML Validation vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)
Affected system
type
Java
Patchday
2019-11
Released
on
2019/11/12
Description
Update 2 to Security Note 2808158: [CVE-2019-0330] OS Command Injection vulnerability in SAP Diagnostics Agent
Affected system
type
SAP Data Hub
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0390] Information Disclosure in SAP Data Hub
Affected system
type
Java
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0391] Information Disclosure in SAP NetWeaver Application Server Java (eCATT service)
Affected system
type
ABAP
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0393] SQL injection vulnerability in SAP Quality Management
Affected system
type
ABAP
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0386] - Missing authorization check in ERP Sales and SAP S/4HANA sales (SD-SLS)
Affected system
type
Java
Patchday
2019-05
Released
on
2006/07/07
Description
Detailed error messages with stack trace in Web Dynpro