We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.
We hope you like it!
This time we found critical correction advisiories. We count 16 and the highest CVSS score is 10.0.
Severity
SAP© Security advisories 16
System Types
Affected SAP© system types
Affected system
type
Java
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26820] Privilege escalation in SAP NetWeaver Application Server for Java (UDDI Server)
Affected system
type
SAP ERP Client for E-Bilanz
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26807] Incorrect Default Permissions in SAP ERP Client for E-Bilanz 1.0
Affected system
type
SAP Commerce Cloud
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26809] Information Disclosure in SAP Commerce Cloud
Affected system
type
Java
Patchday
2020-11
Released
on
2020/11/10
Description
[Multiple CVE IDs] Missing Authentication Check in SAP Solution Manager (JAVA stack)
Affected system
type
ABAP
Patchday
2020-11
Released
on
2020/11/11
Description
[CVE-2020-26808] Code Injection in SAP AS ABAP and S/4 HANA (DMIS)
Affected system
type
ABAP
Patchday
2020-11
Released
on
2020/10/27
Description
SQL Injection in SAF-T Portugal
Affected system
type
SAP Commerce Cloud
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26810] Multiple Vulnerabilities in SAP Commerce Cloud (Accelerator Payment Mock)
Affected system
type
ABAP
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-6316] Missing Authorization Check in SAP ERP and SAP S/4 HANA
Affected system
type
ABAP
Patchday
2020-11
Released
on
2020/10/27
Description
SQL Injection in SAF-T Portugal
Affected system
type
ABAP
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26815] Security Vulnerabilities in SAP Fiori Launchpad (NewsTile Application)
Affected system
type
ABAP
Patchday
2020-11
Released
on
2020/11/10
Description
Missing Authorization check in Disbursement Read API used in Read Disbursement Webservice
Affected system
type
ABAP
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26818] Multiple vulnerabilities in SAP NetWeaver AS ABAP (Web Dynpro)
Affected system
type
Java
Patchday
2020-11
Released
on
2020/11/10
Description
Clickjacking vulnerability in SAP Process Integration (Integration Builder Framework)
Affected system
type
SAP Data Services
Patchday
2020-11
Released
on
2020/11/10
Description
Multiple Vulnerabilities in SAP Data Services
Affected system
type
Java
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26814] Information Disclosure in SAP Process Integration (PGP Module – Business-to-Business Add On)
Affected system
type
SAP 3D Visual Enterprise
Patchday
2020-11
Released
on
2020/11/10
Description
[CVE-2020-26817] Improper input validation in Visual Enterprise Viewer