This post by the SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on the second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that customers visit the Support Portal and apply patches on priority to protect their SAP landscape.

Note# | Title | Priority | CVSS |
---|---|---|---|
2424173 | Vulnerabilities in the user self-service tools of SAP HANA | Very high | 9.8 |
2429069 | Session fixation vulnerability in SAP HANA extended application services, classic model | High | 8.8 |
2407616 | Remote Code Execution vulnerability in SAP GUI for Windows | High | 8.0 |
2399804 | Denial of service (DOS) in Visual Composer | High | 7.5 |
2405918 | Denial of service (DOS) in SAP Netweaver Dynpro Engine | High | 7.5 |
2416119 | Improved security for HTTP URL outgoing connections in SAP Netweaver | High | 7.4 |
2418823 | Update 1 to Note 2319506 | High | 7.2 |
2378999 | Missing Authorization check in SAP ERP Materials Management | Medium | 6.3 |
2408100 | Cross-Site Scripting (XSS) vulnerability in Enterprise Portal - GenericSemanticTest component | Medium | 6.1 |
2417046 | Cross-Site Scripting (XSS) vulnerability in SAP Netweaver Monitoring application | Medium | 6.1 |
2372626 | Missing XML Validation vulnerability in SAP Netweaver Log Viewer application | Medium | 5.5 |
2332977 | Cross site scripting (XSS) vulnerability in Web Dynpro ABAP | Medium | 5.4 |
2333845 | Cross-Site Scripting (XSS) vulnerability in UnifiedRendering | Medium | 5.4 |
2335272 | Cross-Site Scripting (XSS) vulnerability in SAP GUI for HTML | Medium | 5.4 |
2360761 | Memory Corruption vulnerability in SAP 3D Visual Enterprise Author, Generator and Viewer | Medium | 5.4 |
2386814 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Web Intelligence HTML interface | Medium | 5.4 |
2392509 | Cross-Site Scripting (XSS) vulnerability in Enterprise Portal styleservice | Medium | 5.4 |
2417428 | Cross-Site Scripting (XSS) vulnerability in SAP Travel Management | Medium | 5.4 |
2418209 | Cross-Site Scripting (XSS) vulnerability in Security Diagnostic Tool | Medium | 5.4 |
2372188 | Information Disclosure in Business Process Management | Medium | 5.3 |
2424120 | Information disclosure in SAP HANA cockpit for offline administration | Medium | 4.9 |
2381388 | Missing Authorization check in SAP ERP Materials Management | Medium | 4.3 |
2406841 | Java Script Engine of ABAP server may become unavailable | Low | 2.7 |
2426260 | SQL Injection vulnerability in SAP HANA extended application services, classic model | Low | 2.7 |
2428811 | SQL Injection vulnerability in SAP HANA Web Workbench | Low | 2.7 |