SAP Security Notes - August 2019 - Safe O'Clock

SAP Security Notes – August 2019

August 13, 2019

On the 13th of August 2019, SAP Security Patch Day saw the release of 13 Security Notes.

Notes by severity

HotNews 4
Correction with high priority 2
Correction with medium priority 6
Correction with low priority 1


On August Patch Day SAP presents 4 HotNews Security Notes and 2 high-severity Notes.

Starting with the first HotNews Note 2800779Remote Code Execution(RCE) in SAP NetWeaver UDDI Server (Services Registry) – with a CVSS Score of 9.9. By injecting code into the working memory, which is then executed by the program, an attacker can take advantage of the Services Registry‘s remote code execution vulnerability and potentially gain total control of the product, including reading, modifying, or deleting data. Moreover, it can be utilized to make the product crash due to a broad flaw.

The next HotNews Note is 2622660Security updates for the browser control Google Chromium delivered with SAP Business Client – with a CVSS Score of 9.9. This occurred because of flaws found in Chromium, which SAP Business Client uses as its integrated browser control.

Further Note is 2786035Code Injection vulnerabilities in SAP Commerce Cloud (mediaconversion and virtualjdbc extension) – with a CVSS Score of 9.0. Two Remote Code Execution vulnerabilities found in SAP Commerce Cloud are addressed by this SAP security alert (previously SAP Hybris Commerce). The SAP Commerce Cloud‘s most recent patch release must be applied to the affected component.

The last note to describe is 2813811Server-Side Request Forgery in SAP NetWeaver Application Server for Java (Administrator System Overview) – with a CVSS Score of 9.0. An attacker is able to send a specially crafted request from a weak web application using the Java System Overview feature in SAP NetWeaver Administrator (NWA). A Server-Side Request Forgery vulnerability results from its typical use to attack internal systems protected by firewalls that are often unreachable to an attacker from the outside network.


You Might Be Interested In

The latest news in the
sphere of SAP security

SAP News Overview for April 2023 – new SAP office in San Francisco, AMD is SAP customer and others

New SAP office in San Francisco SAP is constantly expanding to make its services available to more customers. The company […]

Read more
SAP Security Notes – May 2023

May 2023 On the 9th of May 2023, SAP Security Patch Day, 18 new Security Notes were released. There were […]

Read more
SAP Security Notes – April 2023

On the 11th of April 2023, SAP Security Patch Day saw the release of 19 new Security Notes. There were […]

Read more
SAP News Overview for March 2023 – Industry Cloud for healthcare, Axfood and others

SAP’s Industry Cloud helps healthcare In life sciences and healthcare, SAP is committed to helping its customers develop and advance […]

Read more

Subscribe today to get more insights,
updates, and industry trends

Delivered to your inbox weekly.
No spam. We respect your privacy

    This website use cookies. Learn more