We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.


Yikes, there is work to do!
This time we found critical correction advisories. We count 20 and the highest CVSS score is 10.0.

 

[Charts: Severity (SAP© Security advisories: 20); System Types (Affected SAP© system types)]

 

2890213
CVSS: 10.0
Affected system type: Java
Exploit available
Patchday: 2020-03
Released on: 2020/03/10
Description: [CVE-2020-6207] Missing Authentication Check in SAP Solution Manager (User-Experience Monitoring)

2845377
CVSS: 9.8
Affected system type: Java
Patchday: 2020-03
Released on: 2020/03/10
Description: [CVE-2020-6198] Missing Authentication check in SAP Solution Manager (Diagnostics Agent)

2806198
CVSS: 9.1
Affected system type: Java
Patchday: 2020-03
Released on: 2020/03/10
Description: [CVE-2020-6203] Path Manipulation in SAP NetWeaver UDDI Server (Services Registry)

2861301
CVSS: 8.2
Affected system type: BI/BO platform
Patchday: 2020-03
Released on: 2020/03/10
Description: [CVE-2020-6208] Remote Code Execution in SAP Business Objects Business Intelligence Platform (Crystal Reports)

2858044
CVSS: 7.5
Affected system type: SAP Disclosure Management
Patchday: 2020-03
Released on: 2020/03/10
Description: [CVE-2020-6209] Missing Authorization check in SAP Disclosure Management

2826782
CVSS: 7.5
Affected system type: BI/BO platform
Patchday: 2020-03
Released on: 2020/03/10
Description: [CVE-2020-6196] Denial of service (DOS) in SAP BusinessObjects Mobile (MobileBIService)

1966029
CVSS: 7.3
Affected system type: ABAP
Patchday: 2020-03
Released on: 2020/03/10
Description: Directory traversal in SAP Environment Health and Safety

2660005
CVSS: 7.2
Affected system type: SAP MaxDB
Patchday: 2020-03
Released on: 2018/08/14
Description: [CVE-2018-2450] SQL Injection Vulnerability in SAP MaxDB/liveCache

2731871
CVSS: 6.3
Affected system type: ABAP
Patchday: 2020-03
Released on: 2020/03/10
Description: Missing Authorization check in Commercial Project Management

2884910
CVSS: 6.1
Affected system type: ABAP
Patchday: 2020-03
Released on: 2020/03/10
Description: [CVE-2020-6205] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP Business Server Pages (Smart Forms)

2876813
CVSS: 6.1
Affected system type: SAP Commerce Cloud
Patchday: 2020-03
Released on: 2020/03/10
Description: [CVE-2020-6201] Cross-Site Scripting (XSS) vulnerability in SAP Commerce Cloud (testweb extension)

2892570
CVSS: 5.9
Affected system type: ABAP Development Tools
Patchday: 2020-03
Released on: 2020/03/10
Description: Missing XML Validation vulnerability in ABAP Development Tools

2847787
CVSS: 5.5
Affected system type: Java
Patchday: 2020-03
Released on: 2020/03/10
Description: [CVE-2020-6202] Missing XML Validation in SAP NetWeaver Application Server Java (User Management Engine)

2871167
CVSS: 5.4
Affected system type: ABAP
Patchday: 2020-03
Released on: 2020/03/10
Description: [CVE-2020-6199] Missing Authorization check in SAP ERP and S/4 HANA (MENA Certificate Management)

2876413
CVSS: 5.4
Affected system type: SAP Commerce Cloud
Patchday: 2020-03
Released on: 2020/03/10
Description: [CVE-2020-6200] Cross-Site-Scripting in SAP Commerce Cloud (SmartEdit extension)

2880664
CVSS: 5.4
Affected system type: SAP Enable Now
Patchday: 2020-03
Released on: 2020/03/10
Description: [CVE-2020-6178] Insufficient session expiration in SAP Enable Now Manager

2859004
CVSS: 4.7
Affected system type: SAP CPI DS
Patchday: 2020-03
Released on: 2020/03/10
Description: [CVE-2020-6206] Cross-Site Request Forgery in SAP Cloud Platform Integration for data services

2864462
CVSS: 4.7
Affected system type: ABAP
Patchday: 2020-03
Released on: 2020/03/10
Description: [CVE-2020-6210] Cross-Site Scripting (XSS) vulnerability in SAP Fiori Launchpad

2841874
CVSS: 4.3
Affected system type: ABAP
Patchday: 2020-03
Released on: 2020/03/10
Description: [CVE-2020-6204] Missing Authorization check in SAP Treasury and Risk Management (Transaction Management)

2845363
CVSS: 3.8
Affected system type: SAP Enable Now
Patchday: 2020-03
Released on: 2020/03/10
Description: [CVE-2020-6197] Insufficient session expiration in SAP Enable Now Manager