Security Advisories

We've created the first of its kind, SecurityBridge ^{Cloud Platform} to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!

× Hey there! Glad you made it.
We have found 6 security advices for you to review.

Severity

SAP© Security advisories 6

System Types

Affected SAP© system types

_{Related note}
2971180

_CVSS
5.4

_{Affected system
type}
SAP Disclosure Management

_Patchday
2020-12

_{Released
on}
2020/12/08

Description
[CVE-2020-26828] Formula Injection in SAP Disclosure Management

Security Advisory

_{Related note}
2974330

_CVSS
6.5

_{Affected system
type}
Java

_Patchday
2020-12

_{Released
on}
2020/12/08

Description
[CVE-2020-26826] Unrestricted File Upload vulnerability in SAP NetWeaver Application Server for Java (Process Integration Monitoring)

Security Advisory

_{Related note}
2978768

_CVSS
4.2

_{Affected system
type}
HANA Platform

_Patchday
2020-12

_{Released
on}
2020/12/08

Description
[CVE-2020-26834 ] Improper authentication in SAP HANA database

Security Advisory

_{Related note}
2996479

_CVSS
5.3

_{Affected system
type}
ABAP

_Patchday
2020-12

_{Released
on}
2020/12/08

Description
[CVE-2020-26835] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP

Security Advisory

_{Related note}
2989719

_CVSS
6.3

_{Affected system
type}
ABAP

_Patchday
2020-12

_{Released
on}
2020/11/24

Description
Missing Authorization check in S/4HANA (Central Finance)

Security Advisory

_{Related note}
2971163

_CVSS
5.4

_{Affected system
type}
Java

_Patchday
2020-12

_{Released
on}
2020/12/08

Description
[CVE-2020-26816] Missing Encryption in SAP NetWeaver AS Java (Key Storage Service)

Security Advisory

Notifications

Security Advisories

Severity

SAP© Security advisories 6

System Types

Affected SAP© system types

Related note 2971180

CVSS 5.4

Affected system type SAP Disclosure Management

Patchday2020-12

Released on2020/12/08

Related note 2974330

CVSS 6.5

Affected system type Java

Patchday2020-12

Released on2020/12/08

Related note 2978768

CVSS 4.2

Affected system type HANA Platform

Patchday2020-12

Released on2020/12/08

Related note 2996479

CVSS 5.3

Affected system type ABAP

Patchday2020-12

Released on2020/12/08

Related note 2989719

CVSS 6.3

Affected system type ABAP

Patchday2020-12

Released on2020/11/24

Related note 2971163

CVSS 5.4

Affected system type Java

Patchday2020-12

Released on2020/12/08

_{Related note}
2971180

_CVSS
5.4

_{Affected system
type}
SAP Disclosure Management

_Patchday
2020-12

_{Released
on}
2020/12/08

_{Related note}
2974330

_CVSS
6.5

_{Affected system
type}
Java

_Patchday
2020-12

_{Released
on}
2020/12/08

_{Related note}
2978768

_CVSS
4.2

_{Affected system
type}
HANA Platform

_Patchday
2020-12

_{Released
on}
2020/12/08

_{Related note}
2996479

_CVSS
5.3

_{Affected system
type}
ABAP

_Patchday
2020-12

_{Released
on}
2020/12/08

_{Related note}
2989719

_CVSS
6.3

_{Affected system
type}
ABAP

_Patchday
2020-12

_{Released
on}
2020/11/24

_{Related note}
2971163

_CVSS
5.4

_{Affected system
type}
Java

_Patchday
2020-12

_{Released
on}
2020/12/08