
This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that customers visit the Support Portal and apply patches on a priority to protect their SAP landscape.
Note# | Title | Priority | CVSS |
2376743 | Missing Authorization check in EA-DFPS utilities | Medium | 6.5 |
2442630 | Missing Authorization check in EA-DFPS | Medium | 6.3 |
2423486 | Update to Security Note released on Apr 2017 Patch Day: Missing Authorization check in SAP NetWeaver ADBC Demo Programs | Medium | 6.3 |
2443586 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Authentication and SSO | Medium | 6.1 |
2424671 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Generic Object Services | Medium | 5.4 |
2448972 | Improved Permission Checks for opening connection in SAP GUI for Java | Medium | 5.1 |
2412897 | Cross-Site Scripting (XSS) vulnerability in Enterprise Portal | Medium | 4.8 |
2441560 | Potential Denial of Service (DoS) in SAPCAR | Medium | 4.5 |
2394024 | Missing Authorization check in EA-DFPS | Medium | 4.3 |
2235515 | Update to Security Note released on Nov 2015 Patch Day: Insufficient logging in SNOTE | Medium | 4.3 |
2406918 | Missing XML Validation vulnerability in SAP NetWeaver Web Services Configuration UI | Low | 3.8 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
3 | |
2 | |
2 | |
2 | |
2 | |
1 | |
1 | |
1 | |
1 |