On the 11th of June 2019, SAP Security Patch Day saw the release of 12 Security Notes.
Notes by severity
|Correction with high priority||1|
|Correction with medium priority||10|
|Correction with low priority||1|
On June Patch Day SAP presents 1 high-severity Note.
We will cover the only high-severity Note for this month and it will be Note 2748699 – Information Disclosure in Solution Manager 7.2 / CA Introscope Enterprise Manager – with a CVSS Score of 7.1. Under certain conditions Solution Manager 7.2 allows an attacker to access information which would otherwise be restricted. The CA Introscope Enterprise Manager (EM) provides the Introscope Push service to actively push monitoring metrics from EM to Solution Manager for the Monitoring and Alerting Infrastructure (MAI) feature of Solution Manager. Calling a Solution Manager Web Service that requires authentication is Introscope Push.