On the 9th of July 2019, SAP Security Patch Day saw the release of 11 Security Notes.
Notes by severity
|Correction with high priority||1|
|Correction with medium priority||9|
|Correction with low priority||0|
On July Patch Day SAP presents 1 HotNews Security Note and 1 high-severity Note.
Starting with the first HotNews Note 2808158 – OS Command Injection vulnerability in SAP Diagnostics Agent – with a CVSS Score of 9.1. With a code injection attack, the application would run the code, making him vulnerable. An attacker could thereby control the behavior of the application.
The last Note to describe is 2774489 – Code Injection vulnerability in ABAP Tests Modules of SAP NetWeaver Process Integration – with a CVSS Score of 8.7. The effect of this vulnerability enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system.