Security Advisories  

We've created the first of its kind, ABEX Security Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!
× Yikes, there is work to do!
This time we found critical correction advisiories. We count 16 and the highest CVSS score is 10.0.

 

 Severity
SAP© Security advisories 16
 System Types
Affected SAP© system types

 

Related note
2979062
CVSS
9.1

Affected system type
Java
Patchday
2020-11
Released on
2020/11/10

Description
[CVE-2020-26820] Privilege escalation in SAP NetWeaver Application Server for Java (UDDI Server)

Security Advisory

 

Related note
2973735
CVSS
9.1

Affected system type
ABAP
Patchday
2020-11
Released on
2020/11/11

Description
[CVE-2020-26808] Code Injection in SAP AS ABAP and S/4 HANA (DMIS)

Security Advisory

 

Related note
2264508
CVSS
5.4

Affected system type
ABAP
Patchday
2020-11
Released on
2020/10/27

Description
SQL Injection in SAF-T Portugal

Security Advisory

 

Related note
2975170
CVSS
7.5

Affected system type
SAP Commerce Cloud
Patchday
2020-11
Released on
2020/11/10

Description
[CVE-2020-26810] Multiple Vulnerabilities in SAP Commerce Cloud (Accelerator Payment Mock)

Security Advisory

 

Related note
2985094
CVSS
4.3

Affected system type
Visual Enterprise
Patchday
2020-11
Released on
2020/11/10

Description
[CVE-2020-26817] Improper input validation in Visual Enterprise Viewer

Security Advisory

 

Related note
2944188
CVSS
4.3

Affected system type
ABAP
Patchday
2020-11
Released on
2020/11/10

Description
[CVE-2020-6316] Missing Authorization Check in SAP ERP and SAP S/4 HANA

Security Advisory

 

Related note
2319577
CVSS
5.4

Affected system type
ABAP
Patchday
2020-11
Released on
2020/10/27

Description
SQL Injection in SAF-T Portugal

Security Advisory

 

Related note
2984627
CVSS
8.6

Affected system type
ABAP
Patchday
2020-11
Released on
2020/11/10

Description
[CVE-2020-26815] Security Vulnerabilities in SAP Fiori Launchpad (NewsTile Application)

Security Advisory

 

Related note
2947891
CVSS
3.0

Affected system type
ABAP
Patchday
2020-11
Released on
2020/11/10

Description
Missing Authorization check in Disbursement Read API used in Read Disbursement Webservice

Security Advisory

 

Related note
2971954
CVSS
6.5

Affected system type
ABAP
Patchday
2020-11
Released on
2020/11/10

Description
[CVE-2020-26818] Multiple vulnerabilities in SAP NetWeaver AS ABAP (Web Dynpro)

Security Advisory

 

Related note
2971112
CVSS
4.4

Affected system type
SAP ERP Client for E-Bilanz
Patchday
2020-11
Released on
2020/11/10

Description
[CVE-2020-26807] Incorrect Default Permissions in SAP ERP Client for E-Bilanz 1.0

Security Advisory

 

Related note
2975189
CVSS
7.5

Affected system type
SAP Commerce Cloud
Patchday
2020-11
Released on
2020/11/10

Description
[CVE-2020-26809] Information Disclosure in SAP Commerce Cloud

Security Advisory

 

Related note
2985866
CVSS
10.0

Affected system type
Java
Patchday
2020-11
Released on
2020/11/10

Description
[Multiple CVE IDs] Missing Authentication Check in SAP Solution Manager (JAVA stack)

Security Advisory

 

Related note
2824209
CVSS
5.4

Affected system type
Java
Patchday
2020-11
Released on
2020/11/10

Description
Clickjacking vulnerability in SAP Process Integration (Integration Builder Framework)

Security Advisory

 

Related note
2982840
CVSS
9.8

Affected system type
SAP Data Services
Patchday
2020-11
Released on
2020/11/10

Description
Multiple Vulnerabilities in SAP Data Services

Security Advisory

 

Related note
2952084
CVSS
4.9

Affected system type
Java
Patchday
2020-11
Released on
2020/11/10

Description
[CVE-2020-26814] Information Disclosure in SAP Process Integration (PGP Module – Business-to-Business Add On)

Security Advisory