Security Advisories
We've created the first-of-its-kind SecurityBridge Cloud Platform to prioritize SAP patches, updates, and the remediation strategies essential for preventing the disruption of vital business systems. Our security advisories enable SAP users to understand the security and business implications of running SAP.
We hope you like it!
This time we found critical correction advisories. We count 29, and the highest CVSS score is 10.0.
| Affected system type | Exploit available | Patchday | Released on | Description |
| --- | --- | --- | --- | --- |
| SAP Commerce Cloud | | 2021-02 | 2021/02/09 | [CVE-2021-21477] Remote Code Execution vulnerability in SAP Commerce |
| ABAP | | 2021-01 | 2021/01/12 | [CVE-2021-21466] Code Injection in SAP Business Warehouse and SAP BW/4HANA |
| ABAP | | 2021-01 | 2021/01/12 | [CVE-2021-21465] Multiple vulnerabilities in SAP Business Warehouse (Database Interface) |
| Java | | 2020-12 | 2020/12/08 | [CVE-2020-26829] Missing Authentication Check in SAP NetWeaver AS JAVA (P2P Cluster Communication) |
| BI/BO platform | | 2020-12 | 2020/12/08 | [CVE-2020-26831] Missing XML Validation in SAP BusinessObjects Business Intelligence Platform (Crystal Report) |
| ABAP | | 2020-12 | 2020/12/08 | [CVE-2020-26838] Code Injection vulnerability in SAP Business Warehouse (Master Data Management) and SAP BW4HANA |
| Java | | 2020-11 | 2020/11/10 | [Multiple CVE IDs] Missing Authentication Check in SAP Solution Manager (JAVA stack) |
| ABAP | | 2020-11 | 2020/11/11 | [CVE-2020-26808] Code Injection in SAP AS ABAP and S/4 HANA (DMIS) |
| Java | | 2020-11 | 2020/11/10 | [CVE-2020-26820] Privilege escalation in SAP NetWeaver Application Server for Java (UDDI Server) |
| SAP Data Services | | 2020-11 | 2020/11/10 | Multiple Vulnerabilities in SAP Data Services |
| Solution Manager | | 2020-10 | 2020/10/13 | [CVE-2020-6364] OS Command Injection Vulnerability in CA Introscope Enterprise Manager (Affected Products: SAP Solution Manager and SAP Focused Run) |
| ABAP | | 2020-09 | 2020/09/08 | [CVE-2020-6318] Code Injection vulnerability in SAP NetWeaver (ABAP Server) and ABAP Platform |
| SAP Marketing | | 2020-09 | 2020/09/08 | [CVE-2020-6320] Improper Access Control in SAP Marketing (Mobile Channel Servlet) |
| Java | | 2020-08 | 2020/08/11 | [CVE-2020-6284] Cross-Site Scripting (XSS) in SAP NetWeaver (Knowledge Management) |
| Java | Exploit available | 2020-07 | 2020/07/14 | [CVE-2020-6287] Multiple Vulnerabilities in SAP NetWeaver AS JAVA (LM Configuration Wizard) |
| Java | | 2020-06 | 2020/06/09 | 'Ghostcat' Apache Tomcat AJP Vulnerability in SAP Liquidity Management for Banking |
| SAP Cloud Commerce | | 2020-06 | 2020/06/09 | [CVE-2020-6265] Use of Hard-coded Credentials in SAP Commerce and SAP Commerce Datahub |
| ABAP | | 2020-05 | 2020/05/12 | [CVE-2020-6262] Code Injection vulnerability in Service Data Download |
| SAP Adaptive Server... | | 2020-05 | 2020/05/12 | [CVE-2020-6248] Code injection in SAP Adaptive Server Enterprise (Backup Server) |
| SAP Adaptive Server... | | 2020-05 | 2020/05/12 | [CVE-2020-6252] Information Disclosure in SAP Adaptive Server Enterprise (Cockpit) |
| SAP Orient DB | | 2020-04 | 2020/04/14 | [CVE-2020-6230] Code Injection vulnerability in SAP OrientDB 3.0 |
| Java | | 2020-04 | 2020/04/14 | [CVE-2020-6225] Directory Traversal vulnerability in SAP NetWeaver (Knowledge Management) |
| SAP Commerce Cloud | | 2020-04 | 2020/04/14 | [CVE-2020-6238] Missing XML Validation vulnerability in SAP Commerce |
| BI/BO platform | | 2020-04 | 2020/04/14 | [CVE-2020-6219] Deserialization of Untrusted Data in SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer) |
| Java | | 2020-03 | 2020/03/10 | [CVE-2020-6198] Missing Authentication check in SAP Solution Manager (Diagnostics Agent) |
| Java | Exploit available | 2020-03 | 2020/03/10 | [CVE-2020-6207] Missing Authentication Check in SAP Solution Manager (User-Experience Monitoring) |
| Java | | 2020-03 | 2020/03/10 | [CVE-2020-6203] Path Manipulation in SAP NetWeaver UDDI Server (Services Registry) |
| SAP GUI / Frontend | | 2020-02 | 2018/04/10 | Security updates for the browser control Google Chromium delivered with SAP Business Client |
| Java | | 2019-11 | 2019/11/12 | Update 2 to Security Note 2808158: [CVE-2019-0330] OS Command Injection vulnerability in SAP Diagnostics Agent |