On the 13th of October 2020, SAP Security Patch Day saw the release of 15 new Security Notes.
There were 6 updates to previously released Patch Day Security Notes.
Notes by severity
|Correction with high priority||7|
|Correction with medium priority||11|
|Correction with low priority||1|
On October Patch Day SAP presents 9 high-severity Notes with 2 of them rated as HotNews.
We will start our short digest of the few HotNews to explore with Note 2969828 – OS Command Injection Vulnerability in CA Introscope Enterprise Manager (Affected Products: SAP Solution Manager and SAP Focused Run) – with a maximum CVSS Score of 10. The CA Introscope Enterprise Manager, release 10.7.0.304 or lower, has a Remote OS command injection vulnerability. The landscapes of SAP Solution Manager and SAP Focused Run could be exploited, which might lead to severe security compromises for the systems. The solution steps for the Note were explained in depth, so we suggest our audience apply them as required.
The second HotNews Note 2622660 is the usual update for the Chromium systems – Security updates for the browser control Google Chromium delivered with SAP Business Client – with a CVSS Score of 10, as always. Remind yourself that the Chromium version actualization is the key to landscape security for all SAP users.