Security Advisories  

We've created the first of its kind, ABEX Security Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!
× Yikes, there is work to do!
This time we found critical correction advisiories. We count 12 and the highest CVSS score is 9.1.

 

 Severity
SAP© Security advisories 12
 System Types
Affected SAP© system types

 

Related note
2814007
CVSS
7.1

Affected system type
BI/BO platform
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0396] Missing XML Validation vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)

Security Advisory

 

Related note
2814357
CVSS
5.9

Affected system type
Java
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0389] Privilege escalation in SAP NetWeaver Application Server Java

Security Advisory

 

Related note
2816035
CVSS
5.4

Affected system type
ABAP
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0393] SQL injection vulnerability in SAP Quality Management

Security Advisory

 

Related note
2817937
CVSS
5.4

Affected system type
BI/BO platform
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0382] XSS vulnerabilty in SAP Business Objects BI Platform (Web Intelligence)

Security Advisory

 

Related note
2833771
CVSS
6.5

Affected system type
SAP Enable Now
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0385] Cross-Site Scripting (XSS) vulnerability in SAP Enable Now

Security Advisory

 

Related note
2835226
CVSS
4.3

Affected system type
Java
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0391] Information Disclosure in SAP NetWeaver Application Server Java (eCATT service)

Security Advisory

 

Related note
2840520
CVSS
6.3

Affected system type
ABAP
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0386] - Missing authorization check in ERP Sales and SAP S/4HANA sales (SD-SLS)

Security Advisory

 

Related note
2842034
CVSS
5.0

Affected system type
SAP Data Hub
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0390] Information Disclosure in SAP Data Hub

Security Advisory

 

Related note
2839864
CVSS
9.1

Affected system type
Java
Patchday
2019-11
Released on
2019/11/12

Description
Update 2 to Security Note 2808158: [CVE-2019-0330] OS Command Injection vulnerability in SAP Diagnostics Agent

Security Advisory

 

Related note
2819170
CVSS
4.3

Affected system type
ABAP
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0383] Missing Authorization check in SAP Treasury and Risk Management (Transaction Management)

Security Advisory

 

Related note
2393937
CVSS
7.1

Affected system type
ABAP
Patchday
2019-11
Released on
2019/11/12

Description
VMC Authority Check

Security Advisory

 

Related note
2828981
CVSS
6.3

Affected system type
ABAP
Patchday
2019-11
Released on
2019/11/12

Description
[CVE-2019-0384] Missing Authorization check in SAP Treasury and Risk Management (Transaction Management)

Security Advisory