On the 12th of March 2019, SAP Security Patch Day saw the release of 12 Security Notes.
Notes by severity
|Correction with high priority||1|
|Correction with medium priority||9|
|Correction with low priority||0|
On March Patch Day SAP presents 2 HotNews Security Note and 1 high-severity Notes.
Starting with the first HotNews Note 2622660 – Security updates for the browser control Google Chromium delivered with SAP Business Client – with a CVSS Score of 9.9. This security note addresses various flaws in the Chromium third-party web browser control, which is a component of the SAP Business Client. This message will be updated on a regular basis in accordance with Chromium’s open source web browser releases.
The next is HotNews Note is 2742027 – Missing authentication check in SAP HANA Extended Application Services, advanced model – with a CVSS Score of 9.4. For XS advanced platform and business users, SAP HANA Extended Application Services, advanced model (XS advanced) occasionally fails to properly execute authentication checks.
The last is high-severity Note to describe is 2689925 – Cross-Site Scripting (XSS) Vulnerability in SAP NW SAML 1.1 SSO Demo App – with a CVSS Score of 7.6. User-controlled inputs in the SAP NetWeaver Java Application Server’s SAML 1.1 SSO Demo Application are not appropriately encoded, creating an XSS vulnerability.