We've created the first of its kind, SecurityBridge Cloud Platform, designed to prioritize SAP patches, updates, and remediation strategies that help prevent disruptions to critical business systems. Our security advisories provide SAP users with valuable insights into the security and business implications of operating SAP.
The user interface is designed to be as intuitive as possible, but we’d love to hear your feedback and
suggestions.
×
Yikes, there is work to do!
This time we found critical correction advisiories. We count 12 and the highest
CVSS
score is 10.0.
Severity
SAP© Security advisories 12
System Types
Affected SAP© system types
2974774
CVSS
10.0
Affected system type
Java
Patchday
2020-12
Released on
2020/12/08
Description
[CVE-2020-26829] Missing Authentication Check in SAP NetWeaver AS JAVA (P2P Cluster Communication)
2989075
CVSS
9.6
Affected system type
BI/BO platform
Patchday
2020-12
Released on
2020/12/08
Description
[CVE-2020-26831] Missing XML Validation in SAP BusinessObjects Business Intelligence Platform (Crystal Report)
2983367
CVSS
9.1
Affected system type
ABAP
Patchday
2020-12
Released on
2020/12/08
Description
[CVE-2020-26838] Code Injection vulnerability in SAP Business Warehouse (Master Data Management) and SAP BW4HANA
2983204
CVSS
8.5
Affected system type
SAP Solution Manager
Patchday
2020-12
Released on
2020/12/08
Description
[CVE-2020-26837] Multiple Vulnerabilities in SAP Solution Manager 7.2 (User Experience Monitoring)
2993132
CVSS
7.6
Affected system type
ABAP
Patchday
2020-12
Released on
2020/12/08
Description
[CVE-2020-26832] Missing Authorization check in SAP NetWeaver AS ABAP and SAP S4 HANA (SAP Landscape Transformation)
2974330
CVSS
6.5
Affected system type
Java
Patchday
2020-12
Released on
2020/12/08
Description
[CVE-2020-26826] Unrestricted File Upload vulnerability in SAP NetWeaver Application Server for Java (Process Integration Monitoring)
2989719
CVSS
6.3
Affected system type
ABAP
Patchday
2020-12
Released on
2020/11/24
Description
Missing Authorization check in S/4HANA (Central Finance)
2971163
CVSS
5.4
Affected system type
Java
Patchday
2020-12
Released on
2020/12/08
Description
[CVE-2020-26816] Missing Encryption in SAP NetWeaver AS Java (Key Storage Service)
2971180
CVSS
5.4
Affected system type
SAP Disclosure Management
Patchday
2020-12
Released on
2020/12/08
Description
[CVE-2020-26828] Formula Injection in SAP Disclosure Management
2996479
CVSS
5.3
Affected system type
ABAP
Patchday
2020-12
Released on
2020/12/08
Description
[CVE-2020-26835] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP
2978768
CVSS
4.2
Affected system type
HANA Platform
Patchday
2020-12
Released on
2020/12/08
Description
[CVE-2020-26834 ] Improper authentication in SAP HANA database
2938650
CVSS
3.4
Affected system type
ABAP
Patchday
2020-12
Released on
2020/12/08
Description
[CVE-2020-26836] Open Redirect in SAP Solution Manager (Trace Analysis)