This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that customers visit the Support Portal and apply patches on a priority to protect their SAP landscape.
Note# | Title | Priority | CVSS |
2419592 | Code Injection vulnerability in TREX / BWA | Very High | 9.4 |
2407616 | Update to Security Note released on Mar 2017 Patch Day: Remote Code Execution vulnerability in SAP GUI for Windows | High | 8.0 |
2391018 | Update to Security Note released on Feb 2017 Patch Day: Memory Corruption vulnerability in SAP 3D Visual Enterprise Author, Generator and Viewer | High | 7.8 |
2410082 | Missing XML Validation vulnerability in Web Dynpro Flash Island | High | 7.5 |
2421287 | Security vulnerabilities in SAPLPD | High | 7.5 |
2406783 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Central Technical Configuration | Medium | 6.3 |
2423486 | Missing Authorization check in SAP NetWeaver ADBC Demo Programs | Medium | 6.3 |
2427949 | Incorrect Authorization Checks in SAP ERP Logistics Customer Master and Vendor Master | Medium | 6.3 |
2308535 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Java Archiving Framework | Medium | 6.1 |
2400292 | Missing XML Validation vulnerability in TranslationSupport application | Medium | 5.4 |
2426076 | Multiple vulnerabilities in SAP ERP Stakeholder Relationship Management | Medium | 5.3 |
2372301 | Missing XML Validation in Composite Application Framework Authorization Tool | Medium | 4.9 |
2387249 | Missing XML Validation vulnerability in Knowledge Management ICE Service | Medium | 4.9 |
2374348 | Update to Security Note released on Jan 2017 Patch Day: Information Disclosure in DBISQL affecting SAP SQL Anywhere, SAP ASE and SAP IQ | Low | 3.9 |
2403010 | Cross-Site Request Forgery (CSRF) vulnerability in BI LaunchPad | Low | 3.5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
4 | |
3 | |
2 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |