Security Advisories  

We've created the first of its kind, ABEX Security Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!
× Yikes, there is work to do!
This time we found critical correction advisiories. We count 19 and the highest CVSS score is 9.8.

 

 Severity
SAP© Security advisories 19
 System Types
Affected SAP© system types

 

Related note
2695210
CVSS
5.3

Affected system type
BI/BO platform
Patchday
2020-02
Released on
2020/02/11

Description
[CVE-2020-6189] Information Disclosure in SAP BusinessObjects BI Central Management Console

Security Advisory

 

Related note
2695776
CVSS
7.4

Affected system type
SAP Mobile Platform
Patchday
2020-02
Released on
2020/01/14

Description
Missing Authorization Check in SAP Mobile Platform Native SDK, Android

Security Advisory

 

Related note
2057196
CVSS
6.3

Affected system type
ABAP
Patchday
2020-02
Released on
2014/09/17

Description
Missing authorization check in IS-B-BCA-AM

Security Advisory

 

Related note
2836445
CVSS
5.3

Affected system type
SAP Host Agent
Patchday
2020-02
Released on
2020/02/11

Description
[CVE-2020-6183] Unprivileged Access to technical data using SAPOSCOL of SAP Host Agent

Security Advisory

 

Related note
2841053
CVSS
7.5

Affected system type
SAP Host Agent
Patchday
2020-02
Released on
2020/02/11

Description
[CVE-2020-6186] Denial of Service (DOS) Vulnerability in SAP Host Agent

Security Advisory

 

Related note
2880744
CVSS
5.8

Affected system type
ABAP
Patchday
2020-02
Released on
2020/02/11

Description
[CVE-2020-6181] HTTP Response Splitting vulnerability in SAP NetWeaver and ABAP Platform

Security Advisory

 

Related note
2878030
CVSS
7.2

Affected system type
SAP Landscape Management
Patchday
2020-02
Released on
2020/02/11

Description
[CVE-2020-6191] Missing Input Validation in SAP Landscape Management

Security Advisory

 

Related note
2873012
CVSS
6.1

Affected system type
Java
Patchday
2020-02
Released on
2020/02/11

Description
[CVE-2020-6193]Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (Knowledge Management ICE Service)

Security Advisory

 

Related note
2880993
CVSS
4.3

Affected system type
SAP Mobile Platform
Patchday
2020-02
Released on
2020/02/11

Description
[CVE-2020-6177] Missing XML Validation vulnerability in SAP Mobile Platform

Security Advisory

 

Related note
2822074
CVSS
6.6

Affected system type
ABAP
Patchday
2020-02
Released on
2020/01/14

Description
Missing Authorization check in SAP NetWeaver (ABAP Server)

Security Advisory

 

Related note
2880869
CVSS
6.1

Affected system type
ABAP
Patchday
2020-02
Released on
2020/02/11

Description
[CVE-2020-6184 ]Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver and SAP S/4HANA

Security Advisory

 

Related note
2838835
CVSS
5.3

Affected system type
Java
Patchday
2020-02
Released on
2020/02/11

Description
[CVE-2020-6190]Information Disclosure in SAP NetWeaver AS Java (Heap Dump Application)

Security Advisory

 

Related note
2736825
CVSS
6.5

Affected system type
ABAP
Patchday
2020-02
Released on
2019/03/12

Description
[CVE-2019-0271] Denial of Service via XML External Entity (XXE) vulnerability in ABAP Server

Security Advisory

 

Related note
2622660
CVSS
9.8

Affected system type
SAPGUI / Frontend
Patchday
2020-02
Released on
2018/04/10

Description
Security updates for the browser control Google Chromium delivered with SAP Business Client

Security Advisory

 

Related note
2864415
CVSS
4.9

Affected system type
Java
Patchday
2020-02
Released on
2020/02/11

Description
[CVE-2020-6187]Missing XML Validation vulnerability in SAP NetWeaver(Guided Procedures)

Security Advisory

 

Related note
2870067
CVSS
6.5

Affected system type
ABAP
Patchday
2020-02
Released on
2020/02/11

Description
Update 1 to Security Note 2736825 - [CVE-2019-0271] Denial of Service via XML External Entity (XXE) vulnerability in ABAP Server

Security Advisory

 

Related note
2877968
CVSS
7.2

Affected system type
SAP Landscape Management
Patchday
2020-02
Released on
2020/02/11

Description
[CVE-2020-6192] Missing Input Validation in SAP Landscape Management

Security Advisory

 

Related note
2688383
CVSS
6.3

Affected system type
ABAP
Patchday
2020-02
Released on
2020/02/11

Description
Missing authorization check in Dangerous Goods Management of EHS Services in SCM

Security Advisory

 

Related note
2857511
CVSS
6.3

Affected system type
ABAP
Patchday
2020-02
Released on
2020/02/11

Description
[CVE-2020-6188] Missing Authorization check in SAP ERP and S/4 HANA (VAT Pro-Rata reports)

Security Advisory