We've created the first-of-its-kind SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.

The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and suggestions.

Yikes, there is work to do!
This time we found critical correction advisories. We count 24 and the highest CVSS score is 9.3.

 

Severity: SAP© Security advisories (24)
System Types: Affected SAP© system types

 

2904480
CVSS
9.3

Affected system type SAP Commerce Cloud
Patchday 2020-04
Released on 2020/04/14
Description [CVE-2020-6238] Missing XML Validation vulnerability in SAP Commerce
2896682
CVSS
9.1

Affected system type Java
Patchday 2020-04
Released on 2020/04/14
Description [CVE-2020-6225] Directory Traversal vulnerability in SAP NetWeaver (Knowledge Management)
2863731
CVSS
9.1

Affected system type BI/BO platform
Patchday 2020-04
Released on 2020/04/14
Description [CVE-2020-6219] Deserialization of Untrusted Data in SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer)
2900118
CVSS
9.1

Affected system type SAP Orient DB
Patchday 2020-04
Released on 2020/04/14
Description [CVE-2020-6230] Code Injection vulnerability in SAP OrientDB 3.0
2906994
CVSS
8.6

Affected system type SAP Solution Manager
Patchday 2020-04
Released on 2020/04/14
Description [CVE-2020-6235] Missing authentication check in SAP Solution Manager (Diagnostics Agent)
2898077
CVSS
7.5

Affected system type BI/BO platform
Patchday 2020-04
Released on 2020/04/14
Description [CVE-2020-6237] Information Disclosure in SAP Business Objects Business Intelligence Platform (dswsbobje Web Application)
2902645
CVSS
7.2

Affected system type SAP Host Agent
Patchday 2020-04
Released on 2020/04/14
Description [CVE-2020-6234] Privilege Escalation in SAP Host Agent
2902456
CVSS
7.2

Affected system type SAP Landscape Management
Patchday 2020-04
Released on 2020/04/14
Description [CVE-2020-6236] Privilege Escalation in SAP Landscape Management (SAP Adaptive Extensions)
2878507
CVSS
6.4

Affected system type BI/BO platform
Patchday 2020-04
Released on 2020/04/14
Description [CVE-2020-6195] Multiple vulnerabilities in SAP Business Objects Business Intelligence Platform
2877226
CVSS
6.3

Affected system type ABAP
Patchday 2020-04
Released on 2020/03/12
Description Switchable Authorization checks in SAP Supplier Relationship Management
2864966
CVSS
6.3

Affected system type ABAP
Patchday 2020-04
Released on 2020/04/14
Description [CVE-2020-6212] Missing Authorization Check in SAP ERP & S/4 HANA (Egypt localized Withholding Tax reports)
2826528
CVSS
6.2

Affected system type Java
Patchday 2020-04
Released on 2020/04/14
Description [CVE-2020-6224] Information Disclosure in SAP NetWeaver Application Server Java (HTTP Service)
2900374
CVSS
6.1

Affected system type ABAP
Patchday 2020-04
Released on 2020/04/14
Description [CVE-2020-6229] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)
2872752
CVSS
6.1

Affected system type ABAP
Patchday 2020-04
Released on 2020/04/14
Description [CVE-2020-6213] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_PHTMLB)
2872782
CVSS
6.1

Affected system type ABAP
Patchday 2020-04
Released on 2020/04/14
Description [CVE-2020-6215] URL Redirection vulnerability in SAP NetWeaver AS ABAP – Business Server Pages Test Application IT00
2872545
CVSS
6.1

Affected system type ABAP
Patchday 2020-04
Released on 2020/04/14
Description [CVE-2020-6217] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages Test Application IT05)
2876059
CVSS
6.1

Affected system type BI/BO platform
Patchday 2020-04
Released on 2020/04/14
Description [CVE-2020-6216] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (BILaunchpad/ Opendocument)
2880804
CVSS
5.4

Affected system type BI/BO platform
Patchday 2020-04
Released on 2020/04/14
Description [CVE-2020-6222] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)
2879132
CVSS
5.4

Affected system type BI/BO platform
Patchday 2020-04
Released on 2020/04/14
Description [CVE-2020-6226] Cross-Site Scripting (XSS) vulnerabilities in SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface)
2888556
CVSS
5.3

Affected system type SAP Commerce Cloud
Patchday 2020-04
Released on 2020/04/14
Description [CVE-2020-6232] Missing Authorization check in SAP Commerce
2866752
CVSS
5.3

Affected system type SAP GUI / Frontend
Patchday 2020-04
Released on 2020/04/14
Description [CVE-2020-6228] Missing Integrity Check in SAP BUSINESS CLIENT
2863396
CVSS
5.3

Affected system type BI/BO platform
Patchday 2020-04
Released on 2020/04/14
Description [CVE-2020-6227] Remote unauthenticated log injection in SAP Business Objects Business Intelligence Platform (CMS / Auditing issues)
2897612
CVSS
4.7

Affected system type ABAP
Patchday 2020-04
Released on 2020/04/14
Description [CVE-2020-6214] Incorrect Authorization in SAP S/4HANA (Financial Products Subledger)
2904796
CVSS
4.3

Affected system type ABAP
Patchday 2020-04
Released on 2020/04/14
Description [CVE-2020-6233] Missing Authorization Check in SAP S/4 HANA (Financial Products Subledger and Banking Services)