On the 14th of July 2020, SAP Security Patch Day saw the release of 7 new Security Notes.
There were 2 updates to previously released Patch Day Security Notes.
Notes by severity
|Correction with high priority||1|
|Correction with medium priority||6|
|Correction with low priority||0|
On August Patch Day SAP presents 3 high-severity Notes with 2 of them rated as HotNews.
We start our relatively short digest for today with the usual update of a 2622660 Security Note – Security updates for the browser control Google Chromium delivered with SAP Business Client with a CVSS Score of 9.8.
Another HotNews Note for today is 2934135 – Multiple Vulnerabilities in SAP NetWeaver AS JAVA (LM Configuration Wizard) – with a CVSS Score of 10. The Note describes such vulnerabilities to attacks of LM Configuration Wizard as Missing Authentication and Path Traversal. An attacker without prior authentication and then execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user due to missing authentication. The insufficient input path validation of certain parameters in the web service, on the other hand, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory.