SAP Security Notes - October 2019 - Safe O'Clock

SAP Security Notes – October 2019

October 8, 2019

On the 8th of October 2019, SAP Security Patch Day saw the release of 7 Security Notes.

Notes by severity

HotNews 2
Correction with high priority 1
Correction with medium priority 4
Correction with low priority 0

Highlights

On October Patch Day SAP presents 2 HotNews Security Notes and 1 high-severity Note.

Starting with the first HotNews Note 2826015Missing Authentication Check in AS2 Adapter of B2B Add-On for SAP NetWeaver Process Integration – with a CVSS Score of 9.3. This vulnerability, which exclusively affects the B2B Add On for PI, permits access to privileged or administrative activities because some features’ authorization checks do not require user identity. Although the note’s recommendations for changing system parameters can result in immediate risk mitigation, the solution involves using the most recent support package.

The next HotNews Note is 2828682Information Disclosure vulnerability in SAP Landscape Management Enterprise – with a CVSS Score of 9.1. LVM (LaMa) connectivity may be manipulated into returning more data that would not otherwise be allowed. In addition to some manual procedures described in the note, the solution entails applying the new patch for the component.

The last is high-severity Note 2792430Binary Planting vulnerability in SAP SQL Anywhere, SAP IQ and SAP Dynamic Tiering – with s CVSS Score of 7.8. A user with access to the system could modify the file search algorithm in systems using SAP’s SQL Anywhere, IQ, or Dynamic Tiering as part of a SAP HANA deployment to reveal directories outside the path set by the user. To resolve this issue, you must implement the most recent support packages as described in the note.

 

You Might Be Interested In

The latest news in the
sphere of SAP security

SAP Security Notes – August 2023

On the 8th of August 2023, SAP Security Patch Day saw the release of 15 new Security Notes. There were […]

Read more
SAP News Overview for July 2023

SAP Advisory Group speaks AI ethics Last month, the regular meeting of the SAP Advisory Group on the Ethics of Artificial […]

Read more
SAP Security Notes – July 2023

On the 11th of July 2023, SAP Security Patch Day saw the release of 16 new Security Notes. There were […]

Read more
SAP News Overview for June 2023

VMware implemented SAP Commissions VMware is an influential software company founded back in 1998. During its existence, the company has […]

Read more

Subscribe today to get more insights,
updates, and industry trends

Delivered to your inbox weekly.
No spam. We respect your privacy

    This website use cookies. Learn more
    OK