SAP Security Notes - September 2020 - Safe O'Clock

SAP Security Notes – September 2020

September 8, 2020

On the 8th of September 2020, SAP Security Patch Day saw the release of 10 new Security Notes.

There were 6 updates to previously released Patch Day Security Notes.

Notes by severity

HotNews 4
Correction with high priority 2
Correction with medium priority 9
Correction with low priority 1

Highlights

On September Patch Day SAP presents 6 high-severity Notes with 4 of them rated as HotNews.

Usual update of a 2622660 Security Note – Security updates for the browser control Google Chromium delivered with SAP Business Client with a CVSS Score of 9.8 starts our list today.

Another HotNews Note is 2890213Missing Authentication Check in SAP Solution Manager – with a CVSS Score of 10. The Note was re-released with updated ‘Symptom’, and ‘Solution’ information. However, there have not been any changes done which require customer action.

An authenticated attacker could invoke certain functions that are restricted in SAP Marketing. This vulnerability was described in Note 2961991Improper Access Control in SAP Marketing (Mobile Channel Servlet) – with a CVSS Score of 9.6. A specific level of knowledge is required to perform tasks related to contact and interaction data, but this vulnerability is still considered to stay a high priority for mitigation.

SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40) contain a vulnerability which can be exploited to take complete control of the products, including viewing, changing, or deleting data. Such vulnerability was described and covered in Note 2958563Code Injection vulnerability in SAP NetWeaver (ABAP Server) and ABAP Platform – with a CVSS Score of 9.1. The vulnerable code is present in only a limited number of the function modules, so the Score could easily be higher in other circumstances.

 

You Might Be Interested In

The latest news in the
sphere of SAP security

SAP Security Notes – April 2024

On the 9th of April 2024, SAP Security Patch Day saw the release of 10 new Security Notes. There were […]

Read more
SAP News Overview for March 2024

SAP and NVIDIA partnership Another SAP partnership has benefited from the use of artificial intelligence. SAP SE and NVIDIA announced […]

Read more
SAP Security Notes – March 2024

On the 13th of February 2024, SAP Security Patch Day saw the release of 10 new Security Notes. There were […]

Read more
SAP News Overview for February 2024

SAP strengthens AI growth areas  In recent years, artificial intelligence has rightfully begun to gain increasing popularity among developers – […]

Read more

Subscribe today to get more insights,
updates, and industry trends

Delivered to your inbox weekly.
No spam. We respect your privacy

    This website use cookies. Learn more
    OK