SAP Security Notes - February 2020 - Safe O'Clock

SAP Security Notes – February 2020

February 13, 2020

On the 13th of February 2020, SAP Security Patch Day saw the release of 15 Security Notes.

Notes by severity

HotNews 1
Correction with high priority 3
Correction with medium priority 11
Correction with low priority 0

Highlights

On February Patch Day SAP presents 4 high-severity Notes with 1 of them rated as HotNews.

Security Note 2622660 is a traditional opening for the most Patch Days since the first release on April 2018 – Security updates for the browser control Google Chromium delivered with SAP Business Client – with a CVSS Score of 9.8. Several new updates are presented in the Note ‘Solution’ body.

The Note 2841053Denial of Service (DOS) Vulnerability in SAP Host Agent – with a CVSS Score of 7.5 – describes the possibility of a denial of service attack of the SAP Host Agent authentication service by sending malicious requests by an unauthenticated attacker. The OS-based authentication may be configured to delegate authentication requests to a remote server (e.g. LDAP, Active Directory etc). To protect these OS-based authentication and infrastructure components the SAP Host Agent limits the number of parallel authentication requests.

The other two Security Notes which were rated as high priority are 2878030Missing Input Validation in SAP Landscape Management – with a CVSS Score of 7.2, and 2877968 with the same name and CVSS Score. These issues described could allow an attacker to inject commands with malicious content that is executed in the context of user Root or <SID>adm.

 

You Might Be Interested In

The latest news in the
sphere of SAP security

SAP Security Notes – April 2024

On the 9th of April 2024, SAP Security Patch Day saw the release of 10 new Security Notes. There were […]

Read more
SAP News Overview for March 2024

SAP and NVIDIA partnership Another SAP partnership has benefited from the use of artificial intelligence. SAP SE and NVIDIA announced […]

Read more
SAP Security Notes – March 2024

On the 13th of February 2024, SAP Security Patch Day saw the release of 10 new Security Notes. There were […]

Read more
SAP News Overview for February 2024

SAP strengthens AI growth areas  In recent years, artificial intelligence has rightfully begun to gain increasing popularity among developers – […]

Read more

Subscribe today to get more insights,
updates, and industry trends

Delivered to your inbox weekly.
No spam. We respect your privacy

    This website use cookies. Learn more
    OK