This post by the SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on the second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that customers visit the Support Portal and apply patches on priority to protect their SAP landscape.

Note# | Title | Priority | CVSS |
---|---|---|---|
2313631 | Denial of service (DOS) in BILaunchPad and Central Management Console | High | 7.5 |
2389181 | Denial of service (DOS) in SAP NetWeaver Instance Agent Service | High | 7.5 |
2416119 | Update to Security Note released on Mar 2017 Patch Day: Improved security for outgoing HTTPS connections in SAP NetWeaver | High | 7.4 |
2396544 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Web Intelligence HTML interface | High | 7.1 |
2444321 | Missing certificate verification in CommonCryptoLib | High | 7 |
2425129 | Missing XML Validation vulnerability in SAP Note Assistant | Medium | 6.9 |
2427292 | Information disclosure in SAP MMC Console | Medium | 6.6 |
2430022 | Denial of service (DOS) in SAP NetWeaver AS ABAP | Medium | 6.5 |
2457269 | Missing XML Validation vulnerability in Business Planning & Consolidation system reports | Medium | 6.5 |
2423486 | Update to Security Note released on Apr 2017 Patch Day: Missing Authorization check in SAP NetWeaver ADBC Demo Programs | Medium | 6.3 |
2405943 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Composite Application Framework and Business | Medium | 6.1 |
2419559 | Reflected Cross-Site Scripting (XSS) in Web Intelligence BI Launchpad | Medium | 6.1 |
2419524 | Reflected Cross-Site Scripting (XSS) in Web Intelligence BI Launchpad | Medium | 6.1 |
2373032 | Update to Security Note released on Dec 2016 Patch Day: Cross-Site Scripting (XSS) vulnerability in WebClient User Interface | Medium | 6.1 |
2423429 | Code Injection vulnerability in SAP Web Dispatcher | Medium | 5.3 |
2445071 | Denial of service (DOS) in SAP NetWeaver Message Server | Medium | 5.3 |
2445033 | Information Disclosure in SAP NetWeaver Message Server | Medium | 5.3 |
2422292 | Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Financial Consolidation | Medium | 4.6 |
2429693 | Directory Traversal vulnerability in SAP BusinessObjects Intercompany 10.0 | Medium | 4.3 |
2457909 | Missing Authorization check in SCM Forecasting and Replenishment | Medium | 4.3 |
2472026 | URL Redirection vulnerability in SAP Data Services Management Console | Medium | 4.3 |