We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.

×

Yikes, there is work to do!
This time we found critical correction advisiories. We count 22 and the highest CVSS score is 9.1.

 

Severity
SAP© Security advisories 22
 System Types
Affected SAP© system types

 

Related note
2845780
CVSS
6.7

Affected system type SAP Adaptive Server...
Patchday 2019-12
Released on 2019/12/10
Description [CVE-2019-0402] Information Disclosure in SAP Adaptive Server Enterprise
Security Advisory
Related note
2504979
CVSS
6.4

Affected system type Java
Patchday 2019-12
Released on 2019/12/10
Description Upgrade SSL support to TLSv1.2
Security Advisory
Related note
2734675
CVSS
6.3

Affected system type ABAP
Patchday 2019-12
Released on 2019/12/10
Description Missing Authorization Check in SAP Cash Management
Security Advisory
Related note
2830578
CVSS
5.4

Affected system type BI/BO platform
Patchday 2019-12
Released on 2019/12/10
Description [CVE-2019-0395] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad)
Security Advisory
Related note
2803554
CVSS
5.3

Affected system type ABAP
Patchday 2019-12
Released on 2019/12/10
Description [CVE-2019-0399] Potential Information Disclosure in SAP Portfolio and Project Management
Security Advisory
Related note
2745211
CVSS
5.3

Affected system type Java
Patchday 2019-12
Released on 2019/12/10
Description Information Disclosure in PI Axis Adapter
Security Advisory
Related note
2845183
CVSS
5.3

Affected system type SAP Enable Now
Patchday 2019-12
Released on 2019/12/10
Description [CVE-2019-0405] Multiple Security vulnerabilities in SAP Enable Now release 1911
Security Advisory
Related note
2814462
CVSS
5.3

Affected system type ABAP
Patchday 2019-12
Released on 2019/11/26
Description Missing Authorization Check in S/4Hana ACR Brazil Option Features
Security Advisory
Related note
2701027
CVSS
4.3

Affected system type BI/BO platform
Patchday 2019-12
Released on 2019/12/10
Description [CVE-2019-0398] Cross-Site Request Forgery (CSRF) vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring application)
Security Advisory
Related note
2839864
CVSS
9.1

Affected system type Java
Patchday 2019-11
Released on 2019/11/12
Description Update 2 to Security Note 2808158: [CVE-2019-0330] OS Command Injection vulnerability in SAP Diagnostics Agent
Security Advisory
Related note
2814007
CVSS
7.1

Affected system type BI/BO platform
Patchday 2019-11
Released on 2019/11/12
Description [CVE-2019-0396] Missing XML Validation vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)
Security Advisory
Related note
2393937
CVSS
7.1

Affected system type ABAP
Patchday 2019-11
Released on 2019/11/12
Description VMC Authority Check
Security Advisory
Related note
2833771
CVSS
6.5

Affected system type SAP Enable Now
Patchday 2019-11
Released on 2019/11/12
Description [CVE-2019-0385] Cross-Site Scripting (XSS) vulnerability in SAP Enable Now
Security Advisory
Related note
2840520
CVSS
6.3

Affected system type ABAP
Patchday 2019-11
Released on 2019/11/12
Description [CVE-2019-0386] - Missing authorization check in ERP Sales and SAP S/4HANA sales (SD-SLS)
Security Advisory
Related note
2828981
CVSS
6.3

Affected system type ABAP
Patchday 2019-11
Released on 2019/11/12
Description [CVE-2019-0384] Missing Authorization check in SAP Treasury and Risk Management (Transaction Management)
Security Advisory
Related note
2814357
CVSS
5.9

Affected system type Java
Patchday 2019-11
Released on 2019/11/12
Description [CVE-2019-0389] Privilege escalation in SAP NetWeaver Application Server Java
Security Advisory
Related note
2817937
CVSS
5.4

Affected system type BI/BO platform
Patchday 2019-11
Released on 2019/11/12
Description [CVE-2019-0382] XSS vulnerabilty in SAP Business Objects BI Platform (Web Intelligence)
Security Advisory
Related note
2816035
CVSS
5.4

Affected system type ABAP
Patchday 2019-11
Released on 2019/11/12
Description [CVE-2019-0393] SQL injection vulnerability in SAP Quality Management
Security Advisory
Related note
2842034
CVSS
5.0

Affected system type SAP Data Hub
Patchday 2019-11
Released on 2019/11/12
Description [CVE-2019-0390] Information Disclosure in SAP Data Hub
Security Advisory
Related note
2835226
CVSS
4.3

Affected system type Java
Patchday 2019-11
Released on 2019/11/12
Description [CVE-2019-0391] Information Disclosure in SAP NetWeaver Application Server Java (eCATT service)
Security Advisory
Related note
2819170
CVSS
4.3

Affected system type ABAP
Patchday 2019-11
Released on 2019/11/12
Description [CVE-2019-0383] Missing Authorization check in SAP Treasury and Risk Management (Transaction Management)
Security Advisory
Related note
962319
CVSS
5.3

Affected system type Java
Patchday 2019-05
Released on 2006/07/07
Description Detailed error messages with stack trace in Web Dynpro
Security Advisory