Security Advisories  

We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!
× Yikes, there is work to do!
This time we found critical correction advisiories. We count 12 and the highest CVSS score is 10.0.

 

 Severity
SAP© Security advisories 12
 System Types
Affected SAP© system types

 

Related note
2974774
CVSS
10.0

Affected system type
Java
Patchday
2020-12
Released on
2020/12/08

Description
[CVE-2020-26829] Missing Authentication Check in SAP NetWeaver AS JAVA (P2P Cluster Communication)

 

Related note
2989075
CVSS
9.6

Affected system type
BI/BO platform
Patchday
2020-12
Released on
2020/12/08

Description
[CVE-2020-26831] Missing XML Validation in SAP BusinessObjects Business Intelligence Platform (Crystal Report)

 

Related note
2983367
CVSS
9.1

Affected system type
ABAP
Patchday
2020-12
Released on
2020/12/08

Description
[CVE-2020-26838] Code Injection vulnerability in SAP Business Warehouse (Master Data Management) and SAP BW4HANA

 

Related note
2983204
CVSS
8.5

Affected system type
SAP Solution Manager
Patchday
2020-12
Released on
2020/12/08

Description
[CVE-2020-26837] Multiple Vulnerabilities in SAP Solution Manager 7.2 (User Experience Monitoring)

 

Related note
2993132
CVSS
7.6

Affected system type
ABAP
Patchday
2020-12
Released on
2020/12/08

Description
[CVE-2020-26832] Missing Authorization check in SAP NetWeaver AS ABAP and SAP S4 HANA (SAP Landscape Transformation)

 

Related note
2974330
CVSS
6.5

Affected system type
Java
Patchday
2020-12
Released on
2020/12/08

Description
[CVE-2020-26826] Unrestricted File Upload vulnerability in SAP NetWeaver Application Server for Java (Process Integration Monitoring)

 

Related note
2989719
CVSS
6.3

Affected system type
ABAP
Patchday
2020-12
Released on
2020/11/24

Description
Missing Authorization check in S/4HANA (Central Finance)

 

Related note
2971180
CVSS
5.4

Affected system type
SAP Disclosure Management
Patchday
2020-12
Released on
2020/12/08

Description
[CVE-2020-26828] Formula Injection in SAP Disclosure Management

 

Related note
2971163
CVSS
5.4

Affected system type
Java
Patchday
2020-12
Released on
2020/12/08

Description
[CVE-2020-26816] Missing Encryption in SAP NetWeaver AS Java (Key Storage Service)

 

Related note
2996479
CVSS
5.3

Affected system type
ABAP
Patchday
2020-12
Released on
2020/12/08

Description
[CVE-2020-26835] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP

 

Related note
2978768
CVSS
4.2

Affected system type
HANA Platform
Patchday
2020-12
Released on
2020/12/08

Description
[CVE-2020-26834 ] Improper authentication in SAP HANA database

 

Related note
2938650
CVSS
3.4

Affected system type
ABAP
Patchday
2020-12
Released on
2020/12/08

Description
[CVE-2020-26836] Open Redirect in SAP Solution Manager (Trace Analysis)