Security Advisories  

We've created the first of its kind, SecurityBridge Cloud Platform to prioritize SAP patches, updates and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.

The user interface, is designed to be as intuitive as possible but we'd love to hear your feedback and opinions.
We hope you like it!
× Yikes, there is work to do!
This time we found critical correction advisiories. We count 29 and the highest CVSS score is 10.0.

 

 Severity
SAP© Security advisories 29
 System Types
Affected SAP© system types

 

Related note
3014121
CVSS
9.9

Affected system type
SAP Commerce Cloud
Patchday
2021-02
Released on
2021/02/09

Description
[CVE-2021-21477] Remote Code Execution vulnerability in SAP Commerce

 

Related note
2999854
CVSS
9.9

Affected system type
ABAP
Patchday
2021-01
Released on
2021/01/12

Description
[CVE-2021-21466] Code Injection in SAP Business Warehouse and SAP BW/4HANA

 

Related note
2986980
CVSS
9.9

Affected system type
ABAP
Patchday
2021-01
Released on
2021/01/12

Description
[CVE-2021-21465] Multiple vulnerabilities in SAP Business Warehouse (Database Interface)

 

Related note
2974774
CVSS
10.0

Affected system type
Java
Patchday
2020-12
Released on
2020/12/08

Description
[CVE-2020-26829] Missing Authentication Check in SAP NetWeaver AS JAVA (P2P Cluster Communication)

 

Related note
2989075
CVSS
9.6

Affected system type
BI/BO platform
Patchday
2020-12
Released on
2020/12/08

Description
[CVE-2020-26831] Missing XML Validation in SAP BusinessObjects Business Intelligence Platform (Crystal Report)

 

Related note
2983367
CVSS
9.1

Affected system type
ABAP
Patchday
2020-12
Released on
2020/12/08

Description
[CVE-2020-26838] Code Injection vulnerability in SAP Business Warehouse (Master Data Management) and SAP BW4HANA

 

Related note
2985866
CVSS
10.0

Affected system type
Java
Patchday
2020-11
Released on
2020/11/10

Description
[Multiple CVE IDs] Missing Authentication Check in SAP Solution Manager (JAVA stack)

 

Related note
2973735
CVSS
9.1

Affected system type
ABAP
Patchday
2020-11
Released on
2020/11/11

Description
[CVE-2020-26808] Code Injection in SAP AS ABAP and S/4 HANA (DMIS)

 

Related note
2979062
CVSS
9.1

Affected system type
Java
Patchday
2020-11
Released on
2020/11/10

Description
[CVE-2020-26820] Privilege escalation in SAP NetWeaver Application Server for Java (UDDI Server)

 

Related note
2982840
CVSS
9.8

Affected system type
SAP Data Services
Patchday
2020-11
Released on
2020/11/10

Description
Multiple Vulnerabilities in SAP Data Services

 

Related note
2969828
CVSS
10.0

Affected system type
Solution Manager
Patchday
2020-10
Released on
2020/10/13

Description
[CVE-2020-6364] OS Command Injection Vulnerability in CA Introscope Enterprise Manager (Affected Products: SAP Solution Manager and SAP Focused Run)

 

Related note
2958563
CVSS
9.1

Affected system type
ABAP
Patchday
2020-09
Released on
2020/09/08

Description
[CVE-2020-6318] Code Injection vulnerability in SAP NetWeaver (ABAP Server) and ABAP Platform

 

Related note
2961991
CVSS
9.6

Affected system type
SAP Marketing
Patchday
2020-09
Released on
2020/09/08

Description
[CVE-2020-6320] Improper Access Control in SAP Marketing (Mobile Channel Servlet)

 

Related note
2928635
CVSS
9.0

Affected system type
Java
Patchday
2020-08
Released on
2020/08/11

Description
[CVE-2020-6284] Cross-Site Scripting (XSS) in SAP NetWeaver (Knowledge Management)

 

Related note
2934135
CVSS
10.0

Affected system type
Java
Exploit available
Patchday
2020-07
Released on
2020/07/14

Description
[CVE-2020-6287] Multiple Vulnerabilities in SAP NetWeaver AS JAVA (LM Configuration Wizard)

 

Related note
2928570
CVSS
9.8

Affected system type
Java
Patchday
2020-06
Released on
2020/06/09

Description
Ghostcat' Apache Tomcat AJP Vulnerability in SAP Liquidity Management for Banking

 

Related note
2918924
CVSS
9.8

Affected system type
SAP Cloud Commerce
Patchday
2020-06
Released on
2020/06/09

Description
[CVE-2020-6265] Use of Hard-coded Credentials in SAP Commerce and SAP Commerce Datahub

 

Related note
2835979
CVSS
9.9

Affected system type
ABAP
Patchday
2020-05
Released on
2020/05/12

Description
[CVE-2020-6262] Code Injection vulnerability in Service Data Download

 

Related note
2917275
CVSS
9.1

Affected system type
SAP Adaptive Server...
Patchday
2020-05
Released on
2020/05/12

Description
[CVE-2020-6248] Code injection in SAP Adaptive Server Enterprise (Backup Server)

 

Related note
2917090
CVSS
9.0

Affected system type
SAP Adaptive Server...
Patchday
2020-05
Released on
2020/05/12

Description
[CVE-2020-6252] Information Disclosure in SAP Adaptive Server Enterprise (Cockpit)

 

Related note
2900118
CVSS
9.1

Affected system type
SAP Orient DB
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6230] Code Injection vulnerability in SAP OrientDB 3.0

 

Related note
2896682
CVSS
9.1

Affected system type
Java
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6225] Directory Traversal vulnerability in SAP NetWeaver (Knowledge Management)

 

Related note
2904480
CVSS
9.3

Affected system type
SAP Commerce Cloud
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6238] Missing XML Validation vulnerability in SAP Commerce

 

Related note
2863731
CVSS
9.1

Affected system type
BI/BO platform
Patchday
2020-04
Released on
2020/04/14

Description
[CVE-2020-6219] Deserialization of Untrusted Data in SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer)

 

Related note
2845377
CVSS
9.8

Affected system type
Java
Patchday
2020-03
Released on
2020/03/10

Description
[CVE-2020-6198] Missing Authentication check in SAP Solution Manager (Diagnostics Agent)

 

Related note
2890213
CVSS
10.0

Affected system type
Java
Exploit available
Patchday
2020-03
Released on
2020/03/10

Description
[CVE-2020-6207] Missing Authentication Check in SAP Solution Manager (User-Experience Monitoring)

 

Related note
2806198
CVSS
9.1

Affected system type
Java
Patchday
2020-03
Released on
2020/03/10

Description
[CVE-2020-6203] Path Manipulation in SAP NetWeaver UDDI Server(Services Registry)

 

Related note
2622660
CVSS
9.8

Affected system type
SAP GUI / Frontend
Patchday
2020-02
Released on
2018/04/10

Description
Security updates for the browser control Google Chromium delivered with SAP Business Client

 

Related note
2839864
CVSS
9.1

Affected system type
Java
Patchday
2019-11
Released on
2019/11/12

Description
Update 2 to Security Note 2808158: [CVE-2019-0330] OS Command Injection vulnerability in SAP Diagnostics Agent