Security Advisories  

We've created the first of its kind, ABEX Security Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!
× Yikes, there is work to do!
This time we found critical correction advisiories. We count 22 and the highest CVSS score is 9.1.

 

 Severity
SAP© Security advisories 22
 System Types
Affected SAP© system types

 

Related note
2734675
CVSS
6.3

Affected system type
ABAP
Patchday
2019-12
Released on
2019/12/10

Description
Missing Authorization Check in SAP Cash Management

Security Advisory

 

Related note
2803554
CVSS
5.3

Affected system type
ABAP
Patchday
2019-12
Released on
2019/12/10

Description
[CVE-2019-0399] Potential Information Disclosure in SAP Portfolio and Project Management

Security Advisory

 

Related note
2814462
CVSS
5.3

Affected system type
ABAP
Patchday
2019-12
Released on
2019/11/26

Description
Missing Authorization Check in S/4Hana ACR Brazil Option Features

Security Advisory

 

Related note
2830578
CVSS
5.4

Affected system type
BI/BO platform
Patchday
2019-12
Released on
2019/12/10

Description
[CVE-2019-0395] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad)

Security Advisory

 

Related note
2845183
CVSS
5.3

Affected system type
SAP Enable Now
Patchday
2019-12
Released on
2019/12/10

Description
[CVE-2019-0405] Multiple Security vulnerabilities in SAP Enable Now release 1911

Security Advisory

 

Related note
2745211
CVSS
5.3

Affected system type
Java
Patchday
2019-12
Released on
2019/12/10

Description
Information Disclosure in PI Axis Adapter

Security Advisory

 

Related note
2845780
CVSS
6.7

Affected system type
SAP Adaptive Server Enterprise (ASE)
Patchday
2019-12
Released on
2019/12/10

Description
[CVE-2019-0402] Information Disclosure in SAP Adaptive Server Enterprise

Security Advisory

 

Related note
2701027
CVSS
4.3

Affected system type
BI/BO platform
Patchday
2019-12
Released on
2019/12/10

Description
[CVE-2019-0398] Cross-Site Request Forgery (CSRF) vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring application)

Security Advisory

 

Related note
2504979
CVSS
6.4

Affected system type
Java
Patchday
2019-12
Released on
2019/12/10

Description
Upgrade SSL support to TLSv1.2

Security Advisory

 

Related note
2839864
CVSS
9.1

Affected system type
Java
Patchday
2019-11
Released on
2019/11/12

Description
Update 2 to Security Note 2808158: [CVE-2019-0330] OS Command Injection vulnerability in SAP Diagnostics Agent

Security Advisory

 

Related note
2819170
CVSS
4.3

Affected system type
ABAP
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0383] Missing Authorization check in SAP Treasury and Risk Management (Transaction Management)

Security Advisory

 

Related note
2393937
CVSS
7.1

Affected system type
ABAP
Patchday
2019-11
Released on
2019/11/12

Description
VMC Authority Check

Security Advisory

 

Related note
2828981
CVSS
6.3

Affected system type
ABAP
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0384] Missing Authorization check in SAP Treasury and Risk Management (Transaction Management)

Security Advisory

 

Related note
2814007
CVSS
7.1

Affected system type
BI/BO platform
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0396] Missing XML Validation vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)

Security Advisory

 

Related note
2814357
CVSS
5.9

Affected system type
Java
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0389] Privilege escalation in SAP NetWeaver Application Server Java

Security Advisory

 

Related note
2816035
CVSS
5.4

Affected system type
ABAP
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0393] SQL injection vulnerability in SAP Quality Management

Security Advisory

 

Related note
2817937
CVSS
5.4

Affected system type
BI/BO platform
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0382] XSS vulnerabilty in SAP Business Objects BI Platform (Web Intelligence)

Security Advisory

 

Related note
2833771
CVSS
6.5

Affected system type
SAP Enable Now
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0385] Cross-Site Scripting (XSS) vulnerability in SAP Enable Now

Security Advisory

 

Related note
2835226
CVSS
4.3

Affected system type
Java
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0391] Information Disclosure in SAP NetWeaver Application Server Java (eCATT service)

Security Advisory

 

Related note
2840520
CVSS
6.3

Affected system type
ABAP
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0386] - Missing authorization check in ERP Sales and SAP S/4HANA sales (SD-SLS)

Security Advisory

 

Related note
2842034
CVSS
5.0

Affected system type
SAP Data Hub
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0390] Information Disclosure in SAP Data Hub

Security Advisory

 

Related note
962319
CVSS
5.3

Affected system type
Java
Patchday
2019-05
Released on
2006/07/07

Description
Detailed error messages with stack trace in Web Dynpro

Security Advisory