Security Advisories  

We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!
× Yikes, there is work to do!
This time we found critical correction advisiories. We count 22 and the highest CVSS score is 9.1.

 

 Severity
SAP© Security advisories 22
 System Types
Affected SAP© system types

 

Related note
2734675
CVSS
6.3

Affected system type
ABAP
Patchday
2019-12
Released on
2019/12/10

Description
Missing Authorization Check in SAP Cash Management

 

Related note
2803554
CVSS
5.3

Affected system type
ABAP
Patchday
2019-12
Released on
2019/12/10

Description
[CVE-2019-0399] Potential Information Disclosure in SAP Portfolio and Project Management

 

Related note
2814462
CVSS
5.3

Affected system type
ABAP
Patchday
2019-12
Released on
2019/11/26

Description
Missing Authorization Check in S/4Hana ACR Brazil Option Features

 

Related note
2830578
CVSS
5.4

Affected system type
BI/BO platform
Patchday
2019-12
Released on
2019/12/10

Description
[CVE-2019-0395] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad)

 

Related note
2845183
CVSS
5.3

Affected system type
SAP Enable Now
Patchday
2019-12
Released on
2019/12/10

Description
[CVE-2019-0405] Multiple Security vulnerabilities in SAP Enable Now release 1911

 

Related note
2745211
CVSS
5.3

Affected system type
Java
Patchday
2019-12
Released on
2019/12/10

Description
Information Disclosure in PI Axis Adapter

 

Related note
2845780
CVSS
6.7

Affected system type
SAP Adaptive Server...
Patchday
2019-12
Released on
2019/12/10

Description
[CVE-2019-0402] Information Disclosure in SAP Adaptive Server Enterprise

 

Related note
2701027
CVSS
4.3

Affected system type
BI/BO platform
Patchday
2019-12
Released on
2019/12/10

Description
[CVE-2019-0398] Cross-Site Request Forgery (CSRF) vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring application)

 

Related note
2504979
CVSS
6.4

Affected system type
Java
Patchday
2019-12
Released on
2019/12/10

Description
Upgrade SSL support to TLSv1.2

 

Related note
2839864
CVSS
9.1

Affected system type
Java
Patchday
2019-11
Released on
2019/11/12

Description
Update 2 to Security Note 2808158: [CVE-2019-0330] OS Command Injection vulnerability in SAP Diagnostics Agent

 

Related note
2819170
CVSS
4.3

Affected system type
ABAP
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0383] Missing Authorization check in SAP Treasury and Risk Management (Transaction Management)

 

Related note
2393937
CVSS
7.1

Affected system type
ABAP
Patchday
2019-11
Released on
2019/11/12

Description
VMC Authority Check

 

Related note
2828981
CVSS
6.3

Affected system type
ABAP
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0384] Missing Authorization check in SAP Treasury and Risk Management (Transaction Management)

 

Related note
2814007
CVSS
7.1

Affected system type
BI/BO platform
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0396] Missing XML Validation vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)

 

Related note
2814357
CVSS
5.9

Affected system type
Java
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0389] Privilege escalation in SAP NetWeaver Application Server Java

 

Related note
2816035
CVSS
5.4

Affected system type
ABAP
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0393] SQL injection vulnerability in SAP Quality Management

 

Related note
2817937
CVSS
5.4

Affected system type
BI/BO platform
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0382] XSS vulnerabilty in SAP Business Objects BI Platform (Web Intelligence)

 

Related note
2833771
CVSS
6.5

Affected system type
SAP Enable Now
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0385] Cross-Site Scripting (XSS) vulnerability in SAP Enable Now

 

Related note
2835226
CVSS
4.3

Affected system type
Java
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0391] Information Disclosure in SAP NetWeaver Application Server Java (eCATT service)

 

Related note
2840520
CVSS
6.3

Affected system type
ABAP
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0386] - Missing authorization check in ERP Sales and SAP S/4HANA sales (SD-SLS)

 

Related note
2842034
CVSS
5.0

Affected system type
SAP Data Hub
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0390] Information Disclosure in SAP Data Hub

 

Related note
962319
CVSS
5.3

Affected system type
Java
Patchday
2019-05
Released on
2006/07/07

Description
Detailed error messages with stack trace in Web Dynpro