Security Advisories  

We've created the first-of-its-kind ABEX Security Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface is designed to be as intuitive as possible, but we'd love to hear your feedback and opinions.
We hope you like it!
Yikes, there is work to do!
This time we found critical correction advisories. We count 24 and the highest CVSS score is 9.3.

 

[Chart: Severity. SAP© Security advisories: 24]
[Chart: System Types. Affected SAP© system types]

 

Related note
2863731
CVSS
9.1

Affected system type
BI/BO platform
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6219] Deserialization of Untrusted Data in SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer)


Related note
2864966
CVSS
6.3

Affected system type
ABAP
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6212] Missing Authorization Check in SAP ERP & S/4 HANA (Egypt localized Withholding Tax reports)


Related note
2863396
CVSS
5.3

Affected system type
BI/BO platform
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6227] Remote unauthenticated log injection in SAP Business Objects Business Intelligence Platform (CMS / Auditing issues)


Related note
2866752
CVSS
5.3

Affected system type
SAPGUI / Frontend
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6228] Missing Integrity Check in SAP BUSINESS CLIENT


Related note
2879132
CVSS
5.4

Affected system type
BI/BO platform
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6226] Cross-Site Scripting (XSS) vulnerabilities in SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface)


Related note
2877226
CVSS
6.3

Affected system type
ABAP
Patchday
2020-04
Released on
2020/03/12

Description
Switchable Authorization checks in SAP Supplier Relationship Management


Related note
2872752
CVSS
6.1

Affected system type
ABAP
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6213] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_PHTMLB)


Related note
2872782
CVSS
6.1

Affected system type
ABAP
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6215] URL Redirection vulnerability in SAP NetWeaver AS ABAP – Business Server Pages Test Application IT00


Related note
2876059
CVSS
6.1

Affected system type
BI/BO platform
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6216] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (BILaunchpad/Opendocument)


Related note
2878507
CVSS
6.4

Affected system type
BI/BO platform
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6195] Multiple vulnerabilities in SAP Business Objects Business Intelligence Platform


Related note
2888556
CVSS
5.3

Affected system type
SAP Commerce Cloud
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6232] Missing Authorization check in SAP Commerce


Related note
2880804
CVSS
5.4

Affected system type
BI/BO platform
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6222] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)


Related note
2906994
CVSS
8.6

Affected system type
SAP Solution Manager
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6235] Missing authentication check in SAP Solution Manager (Diagnostics Agent)


Related note
2900374
CVSS
6.1

Affected system type
ABAP
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6229] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)


Related note
2897612
CVSS
4.7

Affected system type
ABAP
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6214] Incorrect Authorization in SAP S/4HANA (Financial Products Subledger)


Related note
2904480
CVSS
9.3

Affected system type
SAP Commerce Cloud
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6238] Missing XML Validation vulnerability in SAP Commerce


Related note
2900118
CVSS
9.1

Affected system type
SAP Orient DB
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6230] Code Injection vulnerability in SAP OrientDB 3.0


Related note
2904796
CVSS
4.3

Affected system type
ABAP
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6233] Missing Authorization Check in SAP S/4 HANA (Financial Products Subledger and Banking Services)


Related note
2826528
CVSS
6.2

Affected system type
Java
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6224] Information Disclosure in SAP NetWeaver Application Server Java (HTTP Service)


Related note
2902645
CVSS
7.2

Affected system type
SAP Host Agent
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6234] Privilege Escalation in SAP Host Agent


Related note
2902456
CVSS
7.2

Affected system type
SAP Landscape Management
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6236] Privilege Escalation in SAP Landscape Management (SAP Adaptive Extensions)


Related note
2898077
CVSS
7.5

Affected system type
BI/BO platform
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6237] Information Disclosure in SAP Business Objects Business Intelligence Platform (dswsbobje Web Application)


Related note
2896682
CVSS
9.1

Affected system type
Java
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6225] Directory Traversal vulnerability in SAP NetWeaver (Knowledge Management)


Related note
2872545
CVSS
6.1

Affected system type
ABAP
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6217] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages Test Application IT05)
