Security Advisories  

We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!
× Yikes, there is work to do!
This time we found critical correction advisiories. We count 16 and the highest CVSS score is 10.0.

 

 Severity
SAP© Security advisories 16
 System Types
Affected SAP© system types

 

Related note
2985866
CVSS
10.0

Affected system type
Java
Patchday
2020-11
Released on
2020/11/10

Description
[Multiple CVE IDs] Missing Authentication Check in SAP Solution Manager (JAVA stack)

 

Related note
2982840
CVSS
9.8

Affected system type
SAP Data Services
Patchday
2020-11
Released on
2020/11/10

Description
Multiple Vulnerabilities in SAP Data Services

 

Related note
2979062
CVSS
9.1

Affected system type
Java
Patchday
2020-11
Released on
2020/11/10

Description
[CVE-2020-26820] Privilege escalation in SAP NetWeaver Application Server for Java (UDDI Server)

 

Related note
2973735
CVSS
9.1

Affected system type
ABAP
Patchday
2020-11
Released on
2020/11/11

Description
[CVE-2020-26808] Code Injection in SAP AS ABAP and S/4 HANA (DMIS)

 

Related note
2984627
CVSS
8.6

Affected system type
ABAP
Patchday
2020-11
Released on
2020/11/10

Description
[CVE-2020-26815] Security Vulnerabilities in SAP Fiori Launchpad (NewsTile Application)

 

Related note
2975170
CVSS
7.5

Affected system type
SAP Commerce Cloud
Patchday
2020-11
Released on
2020/11/10

Description
[CVE-2020-26810] Multiple Vulnerabilities in SAP Commerce Cloud (Accelerator Payment Mock)

 

Related note
2975189
CVSS
7.5

Affected system type
SAP Commerce Cloud
Patchday
2020-11
Released on
2020/11/10

Description
[CVE-2020-26809] Information Disclosure in SAP Commerce Cloud

 

Related note
2971954
CVSS
6.5

Affected system type
ABAP
Patchday
2020-11
Released on
2020/11/10

Description
[CVE-2020-26818] Multiple vulnerabilities in SAP NetWeaver AS ABAP (Web Dynpro)

 

Related note
2264508
CVSS
5.4

Affected system type
ABAP
Patchday
2020-11
Released on
2020/10/27

Description
SQL Injection in SAF-T Portugal

 

Related note
2319577
CVSS
5.4

Affected system type
ABAP
Patchday
2020-11
Released on
2020/10/27

Description
SQL Injection in SAF-T Portugal

 

Related note
2824209
CVSS
5.4

Affected system type
Java
Patchday
2020-11
Released on
2020/11/10

Description
Clickjacking vulnerability in SAP Process Integration (Integration Builder Framework)

 

Related note
2952084
CVSS
4.9

Affected system type
Java
Patchday
2020-11
Released on
2020/11/10

Description
[CVE-2020-26814] Information Disclosure in SAP Process Integration (PGP Module – Business-to-Business Add On)

 

Related note
2971112
CVSS
4.4

Affected system type
SAP ERP Client for E-Bilanz
Patchday
2020-11
Released on
2020/11/10

Description
[CVE-2020-26807] Incorrect Default Permissions in SAP ERP Client for E-Bilanz 1.0

 

Related note
2985094
CVSS
4.3

Affected system type
Visual Enterprise
Patchday
2020-11
Released on
2020/11/10

Description
[CVE-2020-26817] Improper input validation in Visual Enterprise Viewer

 

Related note
2944188
CVSS
4.3

Affected system type
ABAP
Patchday
2020-11
Released on
2020/11/10

Description
[CVE-2020-6316] Missing Authorization Check in SAP ERP and SAP S/4 HANA

 

Related note
2947891
CVSS
3.0

Affected system type
ABAP
Patchday
2020-11
Released on
2020/11/10

Description
Missing Authorization check in Disbursement Read API used in Read Disbursement Webservice

 

 
ABEX logo

SecurityBridge helps in prioritizing SAP patches, updates and the remediation
strategies essential for preventing the disruption of vital business systems.
We help businesses in making their SAP systems more secure.

Company

© Copyright 2021 by SecurityBridge // NCMI GmbH