We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.

Yikes, there is work to do!
This time we found critical correction advisories. We count 19 and the highest CVSS score is 10.0.

Severity
SAP© Security advisories 19
 System Types
Affected SAP© system types

 

| Advisory | CVSS | Affected system type | Patchday | Released on | Description |
|---|---|---|---|---|---|
| 2622660 | 10.0 | SAP GUI / Frontend | 2020-02 | 2018/04/10 | Security updates for the browser control Google Chromium delivered with SAP Business Client |
| 2841053 | 7.5 | SAP Host Agent | 2020-02 | 2020/02/11 | [CVE-2020-6186] Denial of Service (DOS) Vulnerability in SAP Host Agent |
| 2695776 | 7.4 | SAP Mobile Platform | 2020-02 | 2020/01/14 | Missing Authorization Check in SAP Mobile Platform Native SDK, Android |
| 2878030 | 7.2 | SAP Landscape Management | 2020-02 | 2020/02/11 | [CVE-2020-6191] Missing Input Validation in SAP Landscape Management |
| 2877968 | 7.2 | SAP Landscape Management | 2020-02 | 2020/02/11 | [CVE-2020-6192] Missing Input Validation in SAP Landscape Management |
| 2822074 | 6.6 | ABAP | 2020-02 | 2020/01/14 | Missing Authorization check in SAP NetWeaver (ABAP Server) |
| 2736825 | 6.5 | ABAP | 2020-02 | 2019/03/12 | [CVE-2019-0271] Denial of Service via XML External Entity (XXE) vulnerability in ABAP Server |
| 2870067 | 6.5 | ABAP | 2020-02 | 2020/02/11 | Update 1 to Security Note 2736825 - [CVE-2019-0271] Denial of Service via XML External Entity (XXE) vulnerability in ABAP Server |
| 2857511 | 6.3 | ABAP | 2020-02 | 2020/02/11 | [CVE-2020-6188] Missing Authorization check in SAP ERP and S/4 HANA (VAT Pro-Rata reports) |
| 2688383 | 6.3 | ABAP | 2020-02 | 2020/02/11 | Missing authorization check in Dangerous Goods Management of EHS Services in SCM |
| 2057196 | 6.3 | ABAP | 2020-02 | 2014/09/17 | Missing authorization check in IS-B-BCA-AM |
| 2873012 | 6.1 | Java | 2020-02 | 2020/02/11 | [CVE-2020-6193] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (Knowledge Management ICE Service) |
| 2880869 | 6.1 | ABAP | 2020-02 | 2020/02/11 | [CVE-2020-6184] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver and SAP S/4HANA |
| 2880744 | 5.8 | ABAP | 2020-02 | 2020/02/11 | [CVE-2020-6181] HTTP Response Splitting vulnerability in SAP NetWeaver and ABAP Platform |
| 2836445 | 5.3 | SAP Host Agent | 2020-02 | 2020/02/11 | [CVE-2020-6183] Unprivileged Access to technical data using SAPOSCOL of SAP Host Agent |
| 2695210 | 5.3 | BI/BO platform | 2020-02 | 2020/02/11 | [CVE-2020-6189] Information Disclosure in SAP BusinessObjects BI Central Management Console |
| 2838835 | 5.3 | Java | 2020-02 | 2020/02/11 | [CVE-2020-6190] Information Disclosure in SAP NetWeaver AS Java (Heap Dump Application) |
| 2864415 | 4.9 | Java | 2020-02 | 2020/02/11 | [CVE-2020-6187] Missing XML Validation vulnerability in SAP NetWeaver (Guided Procedures) |
| 2880993 | 4.3 | SAP Mobile Platform | 2020-02 | 2020/02/11 | [CVE-2020-6177] Missing XML Validation vulnerability in SAP Mobile Platform |