Security Advisory for November 2020 
Advisory

Today we have released the Security Advisories for the month of November 2020

 


In the month of November 2020 we would like to bring 16 security advisories to your attention. 

Taking control of the patch management process for the vast product portfolio offered by SAP SE is essential to maintain a steady security posture. We have reviewed the security patches released (and updated) in November 2020 and found corrections that eliminate the following attack vectors:

  • "SQL Injection (read/write)"
  • "OS command injection"
  • "Information Disclosure"
  • "Denial of Service (DoS)"
  • "Missing authorization check"
  • "Server-side request forgery (SSRF)"
  • "Clickjacking"
  • "Missing authorization check"
  • "Insecure installation defaults"
  • "SQL Injection (read)"

Patches released by the manufacture contain solutions for the components

  • "CA-FE-NEW"
  • "BC-XI-IBC"
  • "XX-CSC-PT-FICA"
  • "CEC-COM-CPS"
  • "EPM-EBI"
  • "FS-AM-OM-AC-DB"
  • "BC-ESI-UDDI"
  • "SV-SMG-MON-EEM"
  • "CA-VE-VEV"
  • "EIM-DS-DEP"
  • "CA-LT-PCL"
  • "PS-IS"
  • "BC-XI-CON"
  • "BW-WHM-DST-ARC".

View the Advisories of November 2020