SAP Security Notes - September 2019 - Safe O'Clock

SAP Security Notes – September 2019

September 10, 2019

On the 10th of September 2019, SAP Security Patch Day saw the release of 12 Security Notes.

Notes by severity

HotNews 3
Correction with high priority 1
Correction with medium priority 7
Correction with low priority 1

Highlights

On September Patch Day SAP presents 3 HotNews Security Notes and 1 high-severity Note.

Starting with the first HotNews Note 2808158OS Command Injection vulnerability in SAP Diagnostics Agent – with a CVSS Score of 9.1. A vulnerability was discovered that enables the execution of arbitrary code. This note corrects these additional instances since the earlier adjustment did not address them all. Since the vulnerability was discovered in one of the essential components of Solution Manager, patches or the notice should be deployed right away. Another Note represents this vulnerability – 2823733 – An it is the “Update 1”, to replace the recommendations of the original Note.

The next Note is 2798336Code Injection vulnerability in SAP NetWeaver AS for Java(Web Container) – with a CVSS Score of 9.1. An attacker can inject code into the Java Web Container of the application server, which the application can then run. Hence, an attacker could command how the application behaved.

The last Note to describe is 2817491Multiple security vulnerabilities in SAP HANA Extended Application Services (Advanced Model) – with a CVSS Score of 7.7. This note addresses multiple vulnerabilities in SAP HANA Extended Application Services such as Denial of Service (DOS) and Internal Port Scanning.

You Might Be Interested In

The latest news in the
sphere of SAP security

SAP Security Notes – May 2024

On the 14th of May 2024, SAP Security Patch Day saw the release of 14 new Security Notes. There were […]

Read more
SAP Security Notes – April 2024

On the 9th of April 2024, SAP Security Patch Day saw the release of 10 new Security Notes. There were […]

Read more
SAP News Overview for March 2024

SAP and NVIDIA partnership Another SAP partnership has benefited from the use of artificial intelligence. SAP SE and NVIDIA announced […]

Read more
SAP Security Notes – March 2024

On the 13th of February 2024, SAP Security Patch Day saw the release of 10 new Security Notes. There were […]

Read more

Subscribe today to get more insights,
updates, and industry trends

Delivered to your inbox weekly.
No spam. We respect your privacy

    This website use cookies. Learn more
    OK