SAP Security Notes - November 2020 - Safe O'Clock

SAP Security Notes – November 2020

November 10, 2020

On the 10th of November 2020, SAP Security Patch Day saw the release of 12 new Security Notes.

There were 3 updates to previously released Patch Day Security Notes. 

Notes by severity

HotNews 6
Correction with high priority 3
Correction with medium priority 6
Correction with low priority 0

Highlights

On November Patch Day SAP presents 9 high-severity Notes with 6 of them rated as HotNews.

Let us bring here an overview of information on HotNews Security Notes released for today, starting with Note 2985866Missing Authentication Check in SAP Solution Manager (JAVA stack) – with a CVSS Score of 10. Due to missing authentication checks in SAP Solution Manager, an unauthenticated attacker can compromise the system. Another Note was updated from August for SAP Solution Manager, with a CVSS Score of 10, which is 2890213. It covers the Missing Authentication Check. The Support Packages & Patches’ information was updated.

The next Note, 2982840, describes a complex of SAP Data Service vulnerabilities, such as Remote Code Execution and Denial of Service attack. These vulnerabilities could compromise the confidentiality, integrity and availability of the system. The CVSS Scores for the parts of the Note are 9.8 and 7.5, both considerably high to overview.

Knowledge Management service and Application Server for Java (UDDI Server) both receive the security Notes to provide the instructions necessary for SAP NetWeaver. The corresponding solution steps could be found in Note 2979062Privilege escalation in SAP NetWeaver Application Server for Java (UDDI Server) – with a CVSS Score of 9.1, and the update for the Note 2928635Cross-Site Scripting (XSS) in SAP NetWeaver (Knowledge Management) – with a CVSS Score of 9.0.

The last highlight for today is Note 2973735Code Injection in SAP AS ABAP and S/4 HANA (DMIS) – with a CVSS Score of 9.1. The Note was re-released with updated Support Packages & Patches information.

 

You Might Be Interested In

The latest news in the
sphere of SAP security

SAP Security Notes – August 2023

On the 8th of August 2023, SAP Security Patch Day saw the release of 15 new Security Notes. There were […]

Read more
SAP News Overview for July 2023

SAP Advisory Group speaks AI ethics Last month, the regular meeting of the SAP Advisory Group on the Ethics of Artificial […]

Read more
SAP Security Notes – July 2023

On the 11th of July 2023, SAP Security Patch Day saw the release of 16 new Security Notes. There were […]

Read more
SAP News Overview for June 2023

VMware implemented SAP Commissions VMware is an influential software company founded back in 1998. During its existence, the company has […]

Read more

Subscribe today to get more insights,
updates, and industry trends

Delivered to your inbox weekly.
No spam. We respect your privacy

    This website use cookies. Learn more
    OK