SAP Security Notes - December 2020 - Safe O'Clock

SAP Security Notes – December 2020

December 8, 2020

On the 8th of December 2020, SAP Security Patch Day saw the release of 13 new Security Notes.

There were 2 updates to previously released Patch Day Security Notes. 

Notes by severity

HotNews 4
Correction with high priority 2
Correction with medium priority 6
Correction with low priority 1

Highlights

On December Patch Day SAP presents 6 high-severity Notes with 4 of them rated as HotNews.

Today we start our monthly digest with 2974774 Security Note – Missing Authentication Check In SAP NetWeaver AS JAVA (P2P Cluster Communication) – with the highest CVSS Score of 10. An unauthenticated attacker could invoke access to system administration functions or shut down the system completely with no privileges required through insecure P2P Cluster Communication services. We suggest special attention to applying the presented solution.

BusinessObjects Business Intelligence Platform receives attention with 2989075 Security Note due to Missing XML Validation. An attacker with basic privileges can inject some arbitrary XML entities which result in a potential Server Side Request Forgery or denial-of-service. The CVSS Score of this Note is 9.6.

The next HotNews is Security Note 2983367Code Injection vulnerability in SAP Business Warehouse (Master Data Management) and SAP BW4HANA. Without requiring any user interaction, the potential attacker can submit a crafted request to generate and execute code allowed by Master Data Management. The CVSS Score is 9.1.

The last HotNews for today is Code Injection in SAP AS ABAP and S/4 HANA (DMIS) – Security Note 2973735 with a CVSS Score of 9.1. Due to a lack of input validation, the potential attacker can inject malicious ABAP code, which will be saved persistently in a report in the ABAP repository.

 

You Might Be Interested In

The latest news in the
sphere of SAP security

SAP News Overview for April 2023 – new SAP office in San Francisco, AMD is SAP customer and others

New SAP office in San Francisco SAP is constantly expanding to make its services available to more customers. The company […]

Read more
SAP Security Notes – May 2023

May 2023 On the 9th of May 2023, SAP Security Patch Day, 18 new Security Notes were released. There were […]

Read more
SAP Security Notes – April 2023

On the 11th of April 2023, SAP Security Patch Day saw the release of 19 new Security Notes. There were […]

Read more
SAP News Overview for March 2023 – Industry Cloud for healthcare, Axfood and others

SAP’s Industry Cloud helps healthcare In life sciences and healthcare, SAP is committed to helping its customers develop and advance […]

Read more

Subscribe today to get more insights,
updates, and industry trends

Delivered to your inbox weekly.
No spam. We respect your privacy

    This website use cookies. Learn more
    OK