On the 10th of December 2019, SAP Security Patch Day saw the release of 13 Security Notes.
Notes by severity
|Correction with high priority||0|
|Correction with medium priority||12|
|Correction with low priority||0|
On December Patch Day SAP presents 1 HotNews Security Note and 12 medium-severity Security Notes.
The last month of the year seems short on high-severity note releases. However, we will cover the most significant among them in our digest today.
We will start with Note 2622660 – Security updates for the browser control Google Chromium delivered with SAP Business Client – with the CVSS Score of 10. Due to the complexity of the Chromium systems, the updates for these systems are pretty regular. Suppose you are aware of the number of security issues in this field. In that case, you should also rest assured the fixes necessary will be released sooner or later for the most severe ones as the priority.
Another important Note to highlight is 2504979 – Upgrade SSL support to TLSv1.2 – with a CVSS Score of 6.4, which tells that MDM (SSLv3 supported) was vulnerable to various security issues like POODLE attack until SP19. SSL protocols could be found very dangerous to the SAP environment, which is why the appropriate support of MDM is essential.