On the 8th of January 2019, SAP Security Patch Day saw the release of 12 Security Notes.
Notes by severity
|Correction with high priority
|Correction with medium priority
|Correction with low priority
On January Patch Day SAP presents 2 HotNews Security Notes.
Starting with the first HotNews Note 2696233 – Multiple Vulnerabilities in SAP Cloud Connector – with a CVSS Score of 9.3. The SAP Cloud Connector enables cloud services, such as those that retrieve ERP data from a SAP cloud service, to safely access on-premises systems and resources. A user can be able to do a task that they shouldn’t be able to due to a missing authentication check. The SAP Cloud Connector version 2.11.3, which is the most recent version that can be downloaded, is the fix.
The last is HotNews Note 2727624 – Information Disclosure in SAP Landscape Management – with a CVSS Score of 9.4. With the introduction of SAP HANA databases, this Note fixes a vulnerability that allowed information to be exposed in SAP Landscape Management. A SAP Landscape Management patch is available to fix the problem, and the SAP Note contains manual actions to take.