We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.
We hope you like it!
This time we found critical correction advisiories. We count 22 and the highest CVSS score is 9.1.
Severity
SAP© Security advisories 22
System Types
Affected SAP© system types
Affected system
type
BI/BO platform
Patchday
2019-12
Released
on
2019/12/10
Description
[CVE-2019-0398] Cross-Site Request Forgery (CSRF) vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring application)
Affected system
type
ABAP
Patchday
2019-12
Released
on
2019/12/10
Description
Missing Authorization Check in SAP Cash Management
Affected system
type
Java
Patchday
2019-12
Released
on
2019/12/10
Description
Upgrade SSL support to TLSv1.2
Affected system
type
ABAP
Patchday
2019-12
Released
on
2019/12/10
Description
[CVE-2019-0399] Potential Information Disclosure in SAP Portfolio and Project Management
Affected system
type
ABAP
Patchday
2019-12
Released
on
2019/11/26
Description
Missing Authorization Check in S/4Hana ACR Brazil Option Features
Affected system
type
BI/BO platform
Patchday
2019-12
Released
on
2019/12/10
Description
[CVE-2019-0395] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad)
Affected system
type
SAP Enable Now
Patchday
2019-12
Released
on
2019/12/10
Description
[CVE-2019-0405] Multiple Security vulnerabilities in SAP Enable Now release 1911
Affected system
type
SAP Adaptive Server...
Patchday
2019-12
Released
on
2019/12/10
Description
[CVE-2019-0402] Information Disclosure in SAP Adaptive Server Enterprise
Affected system
type
Java
Patchday
2019-12
Released
on
2019/12/10
Description
Information Disclosure in PI Axis Adapter
Affected system
type
SAP Data Hub
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0390] Information Disclosure in SAP Data Hub
Affected system
type
ABAP
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0384] Missing Authorization check in SAP Treasury and Risk Management (Transaction Management)
Affected system
type
ABAP
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0383] Missing Authorization check in SAP Treasury and Risk Management (Transaction Management)
Affected system
type
SAP Enable Now
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0385] Cross-Site Scripting (XSS) vulnerability in SAP Enable Now
Affected system
type
BI/BO platform
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0382] XSS vulnerabilty in SAP Business Objects BI Platform (Web Intelligence)
Affected system
type
ABAP
Patchday
2019-11
Released
on
2019/11/12
Description
VMC Authority Check
Affected system
type
ABAP
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0393] SQL injection vulnerability in SAP Quality Management
Affected system
type
Java
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0391] Information Disclosure in SAP NetWeaver Application Server Java (eCATT service)
Affected system
type
ABAP
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0386] - Missing authorization check in ERP Sales and SAP S/4HANA sales (SD-SLS)
Affected system
type
BI/BO platform
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0396] Missing XML Validation vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)
Affected system
type
Java
Patchday
2019-11
Released
on
2019/11/12
Description
[CVE-2019-0389] Privilege escalation in SAP NetWeaver Application Server Java
Affected system
type
Java
Patchday
2019-11
Released
on
2019/11/12
Description
Update 2 to Security Note 2808158: [CVE-2019-0330] OS Command Injection vulnerability in SAP Diagnostics Agent
Affected system
type
Java
Patchday
2019-05
Released
on
2006/07/07
Description
Detailed error messages with stack trace in Web Dynpro