Security Advisories  

We've created the first-of-its-kind ABEX Security Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface is designed to be as intuitive as possible, but we'd love to hear your feedback and opinions.
We hope you like it!
Yikes, there is work to do!
This time we found critical correction advisories. We count 20 and the highest CVSS score is 10.0.

 

[Charts: Severity (SAP© security advisories: 20); System Types (affected SAP© system types)]

 

Related note
2884910
CVSS
6.1

Affected system type
ABAP
Patchday
2020-03
Released on
2020/03/10

Description
[CVE-2020-6205] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP Business Server Pages (Smart Forms)

Security Advisory

 

Related note
2731871
CVSS
6.3

Affected system type
ABAP
Patchday
2020-03
Released on
2020/03/10

Description
Missing Authorization check in Commercial Project Management

Security Advisory

 

Related note
2880664
CVSS
5.4

Affected system type
SAP Enable Now
Patchday
2020-03
Released on
2020/03/10

Description
[CVE-2020-6178] Insufficient session expiration in SAP Enable Now Manager

Security Advisory

 

Related note
2871167
CVSS
5.4

Affected system type
ABAP
Patchday
2020-03
Released on
2020/03/10

Description
[CVE-2020-6199] Missing Authorization check in SAP ERP and S/4 HANA (MENA Certificate Management)

Security Advisory

 

Related note
2864462
CVSS
4.7

Affected system type
ABAP
Patchday
2020-03
Released on
2020/03/10

Description
[CVE-2020-6210] Cross-Site Scripting (XSS) vulnerability in SAP Fiori Launchpad

Security Advisory

 

Related note
1966029
CVSS
7.3

Affected system type
ABAP
Patchday
2020-03
Released on
2020/03/10

Description
Directory traversal in SAP Environment Health and Safety

Security Advisory

 

Related note
2876413
CVSS
5.4

Affected system type
SAP Commerce Cloud
Patchday
2020-03
Released on
2020/03/10

Description
[CVE-2020-6200] Cross-Site-Scripting in SAP Commerce Cloud (SmartEdit extension)

Security Advisory

 

Related note
2876813
CVSS
6.1

Affected system type
SAP Commerce Cloud
Patchday
2020-03
Released on
2020/03/10

Description
[CVE-2020-6201] Cross-Site Scripting (XSS) vulnerability in SAP Commerce Cloud (testweb extension)

Security Advisory

 

Related note
2892570
CVSS
5.9

Affected system type
ABAP Development Tools
Patchday
2020-03
Released on
2020/03/10

Description
Missing XML Validation vulnerability in ABAP Development Tools

Security Advisory

 

Related note
2847787
CVSS
5.5

Affected system type
Java
Patchday
2020-03
Released on
2020/03/10

Description
[CVE-2020-6202] Missing XML Validation in SAP NetWeaver Application Server Java (User Management Engine)

Security Advisory

 

Related note
2890213
CVSS
10.0

Affected system type
Java
Patchday
2020-03
Released on
2020/03/10

Description
[CVE-2020-6207] Missing Authentication Check in SAP Solution Manager (User-Experience Monitoring)

Security Advisory

 

Related note
2845377
CVSS
9.8

Affected system type
Java
Patchday
2020-03
Released on
2020/03/10

Description
[CVE-2020-6198] Missing Authentication check in SAP Solution Manager (Diagnostics Agent)

Security Advisory

 

Related note
2660005
CVSS
7.2

Affected system type
SAP MaxDB
Patchday
2020-03
Released on
2018/08/14

Description
[CVE-2018-2450] SQL Injection Vulnerability in SAP MaxDB/liveCache

Security Advisory

 

Related note
2806198
CVSS
9.1

Affected system type
Java
Patchday
2020-03
Released on
2020/03/10

Description
[CVE-2020-6203] Path Manipulation in SAP NetWeaver UDDI Server (Services Registry)

Security Advisory

 

Related note
2826782
CVSS
7.5

Affected system type
BI/BO platform
Patchday
2020-03
Released on
2020/03/10

Description
[CVE-2020-6196] Denial of service (DOS) in SAP BusinessObjects Mobile (MobileBIService)

Security Advisory

 

Related note
2841874
CVSS
4.3

Affected system type
ABAP
Patchday
2020-03
Released on
2020/03/10

Description
[CVE-2020-6204] Missing Authorization check in SAP Treasury and Risk Management (Transaction Management)

Security Advisory

 

Related note
2845363
CVSS
3.8

Affected system type
SAP Enable Now
Patchday
2020-03
Released on
2020/03/10

Description
[CVE-2020-6197] Insufficient session expiration in SAP Enable Now Manager

Security Advisory

 

Related note
2858044
CVSS
7.5

Affected system type
SAP Disclosure Management
Patchday
2020-03
Released on
2020/03/10

Description
[CVE-2020-6209] Missing Authorization check in SAP Disclosure Management

Security Advisory

 

Related note
2859004
CVSS
4.7

Affected system type
SAP CPI DS
Patchday
2020-03
Released on
2020/03/10

Description
[CVE-2020-6206] Cross-Site Request Forgery in SAP Cloud Platform Integration for data services

Security Advisory

 

Related note
2861301
CVSS
8.2

Affected system type
BI/BO platform
Patchday
2020-03
Released on
2020/03/10

Description
[CVE-2020-6208] Remote Code Execution in SAP Business Objects Business Intelligence Platform (Crystal Reports)

Security Advisory