SAP Security Notes - November 2020 - Safe O'Clock

SAP Security Notes – November 2020

November 10, 2020

On the 10th of November 2020, SAP Security Patch Day saw the release of 12 new Security Notes.

There were 3 updates to previously released Patch Day Security Notes. 

Notes by severity

HotNews 6
Correction with high priority 3
Correction with medium priority 6
Correction with low priority 0

Highlights

On November Patch Day SAP presents 9 high-severity Notes with 6 of them rated as HotNews.

Let us bring here an overview of information on HotNews Security Notes released for today, starting with Note 2985866Missing Authentication Check in SAP Solution Manager (JAVA stack) – with a CVSS Score of 10. Due to missing authentication checks in SAP Solution Manager, an unauthenticated attacker can compromise the system. Another Note was updated from August for SAP Solution Manager, with a CVSS Score of 10, which is 2890213. It covers the Missing Authentication Check. The Support Packages & Patches’ information was updated.

The next Note, 2982840, describes a complex of SAP Data Service vulnerabilities, such as Remote Code Execution and Denial of Service attack. These vulnerabilities could compromise the confidentiality, integrity and availability of the system. The CVSS Scores for the parts of the Note are 9.8 and 7.5, both considerably high to overview.

Knowledge Management service and Application Server for Java (UDDI Server) both receive the security Notes to provide the instructions necessary for SAP NetWeaver. The corresponding solution steps could be found in Note 2979062Privilege escalation in SAP NetWeaver Application Server for Java (UDDI Server) – with a CVSS Score of 9.1, and the update for the Note 2928635Cross-Site Scripting (XSS) in SAP NetWeaver (Knowledge Management) – with a CVSS Score of 9.0.

The last highlight for today is Note 2973735Code Injection in SAP AS ABAP and S/4 HANA (DMIS) – with a CVSS Score of 9.1. The Note was re-released with updated Support Packages & Patches information.

 

You Might Be Interested In

The latest news in the
sphere of SAP security

SAP Security Notes – February 2024

On the 13th of February 2024, SAP Security Patch Day saw the release of 13 new Security Notes. There were […]

Read more
SAP Security Notes – January 2024

On the 9th of January 2024, SAP Security Patch Day saw the release of 10 new Security Notes. There were […]

Read more
SAP Security Notes – December 2023

On the 12th of December 2023, SAP Security Patch Day saw the release of 15 new Security Notes. There were […]

Read more
SAP Security Notes – November 2023

On the 14th of November 2023, SAP Security Patch Day saw the release of 3 new Security Notes. There were […]

Read more

Subscribe today to get more insights,
updates, and industry trends

Delivered to your inbox weekly.
No spam. We respect your privacy

    This website use cookies. Learn more
    OK