We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.
The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and
suggestions.
×
Yikes, there is work to do!
This time we found critical correction advisiories. We count 16 and the highest
CVSS
score is 10.0.
Severity
SAP© Security advisories 16
System Types
Affected SAP© system types
2985866
CVSS
10.0
Affected system type
Java
Patchday
2020-11
Released on
2020/11/10
Description
[Multiple CVE IDs] Missing Authentication Check in SAP Solution Manager (JAVA stack)
2982840
CVSS
9.8
Affected system type
SAP Data Services
Patchday
2020-11
Released on
2020/11/10
Description
Multiple Vulnerabilities in SAP Data Services
2979062
CVSS
9.1
Affected system type
Java
Patchday
2020-11
Released on
2020/11/10
Description
[CVE-2020-26820] Privilege escalation in SAP NetWeaver Application Server for Java (UDDI Server)
2973735
CVSS
9.1
Affected system type
ABAP
Patchday
2020-11
Released on
2020/11/11
Description
[CVE-2020-26808] Code Injection in SAP AS ABAP and S/4 HANA (DMIS)
2984627
CVSS
8.6
Affected system type
ABAP
Patchday
2020-11
Released on
2020/11/10
Description
[CVE-2020-26815] Security Vulnerabilities in SAP Fiori Launchpad (NewsTile Application)
2975170
CVSS
7.5
Affected system type
SAP Commerce Cloud
Patchday
2020-11
Released on
2020/11/10
Description
[CVE-2020-26810] Multiple Vulnerabilities in SAP Commerce Cloud (Accelerator Payment Mock)
2975189
CVSS
7.5
Affected system type
SAP Commerce Cloud
Patchday
2020-11
Released on
2020/11/10
Description
[CVE-2020-26809] Information Disclosure in SAP Commerce Cloud
2971954
CVSS
6.5
Affected system type
ABAP
Patchday
2020-11
Released on
2020/11/10
Description
[CVE-2020-26818] Multiple vulnerabilities in SAP NetWeaver AS ABAP (Web Dynpro)
2319577
CVSS
5.4
Affected system type
ABAP
Patchday
2020-11
Released on
2020/10/27
Description
SQL Injection in SAF-T Portugal
2264508
CVSS
5.4
Affected system type
ABAP
Patchday
2020-11
Released on
2020/10/27
Description
SQL Injection in SAF-T Portugal
2824209
CVSS
5.4
Affected system type
Java
Patchday
2020-11
Released on
2020/11/10
Description
Clickjacking vulnerability in SAP Process Integration (Integration Builder Framework)
2952084
CVSS
4.9
Affected system type
Java
Patchday
2020-11
Released on
2020/11/10
Description
[CVE-2020-26814] Information Disclosure in SAP Process Integration (PGP Module – Business-to-Business Add On)
2971112
CVSS
4.4
Affected system type
SAP ERP Client for E-Bilanz
Patchday
2020-11
Released on
2020/11/10
Description
[CVE-2020-26807] Incorrect Default Permissions in SAP ERP Client for E-Bilanz 1.0
2944188
CVSS
4.3
Affected system type
ABAP
Patchday
2020-11
Released on
2020/11/10
Description
[CVE-2020-6316] Missing Authorization Check in SAP ERP and SAP S/4 HANA
2985094
CVSS
4.3
Affected system type
SAP 3D Visual Enterprise
Patchday
2020-11
Released on
2020/11/10
Description
[CVE-2020-26817] Improper input validation in Visual Enterprise Viewer
2947891
CVSS
3.0
Affected system type
ABAP
Patchday
2020-11
Released on
2020/11/10
Description
Missing Authorization check in Disbursement Read API used in Read Disbursement Webservice