SAP Security Notes - October 2019 - Safe O'Clock

SAP Security Notes – October 2019

October 8, 2019

On the 8th of October 2019, SAP Security Patch Day saw the release of 7 Security Notes.

Notes by severity

HotNews 2
Correction with high priority 1
Correction with medium priority 4
Correction with low priority 0


On October Patch Day SAP presents 2 HotNews Security Notes and 1 high-severity Note.

Starting with the first HotNews Note 2826015Missing Authentication Check in AS2 Adapter of B2B Add-On for SAP NetWeaver Process Integration – with a CVSS Score of 9.3. This vulnerability, which exclusively affects the B2B Add On for PI, permits access to privileged or administrative activities because some features’ authorization checks do not require user identity. Although the note’s recommendations for changing system parameters can result in immediate risk mitigation, the solution involves using the most recent support package.

The next HotNews Note is 2828682Information Disclosure vulnerability in SAP Landscape Management Enterprise – with a CVSS Score of 9.1. LVM (LaMa) connectivity may be manipulated into returning more data that would not otherwise be allowed. In addition to some manual procedures described in the note, the solution entails applying the new patch for the component.

The last is high-severity Note 2792430Binary Planting vulnerability in SAP SQL Anywhere, SAP IQ and SAP Dynamic Tiering – with s CVSS Score of 7.8. A user with access to the system could modify the file search algorithm in systems using SAP’s SQL Anywhere, IQ, or Dynamic Tiering as part of a SAP HANA deployment to reveal directories outside the path set by the user. To resolve this issue, you must implement the most recent support packages as described in the note.


You Might Be Interested In

The latest news in the
sphere of SAP security

SAP News Overview for April 2023 – new SAP office in San Francisco, AMD is SAP customer and others

New SAP office in San Francisco SAP is constantly expanding to make its services available to more customers. The company […]

Read more
SAP Security Notes – May 2023

May 2023 On the 9th of May 2023, SAP Security Patch Day, 18 new Security Notes were released. There were […]

Read more
SAP Security Notes – April 2023

On the 11th of April 2023, SAP Security Patch Day saw the release of 19 new Security Notes. There were […]

Read more
SAP News Overview for March 2023 – Industry Cloud for healthcare, Axfood and others

SAP’s Industry Cloud helps healthcare In life sciences and healthcare, SAP is committed to helping its customers develop and advance […]

Read more

Subscribe today to get more insights,
updates, and industry trends

Delivered to your inbox weekly.
No spam. We respect your privacy

    This website use cookies. Learn more