On 14 July, SAP released security updates comprising 10 new patches, 2 of which are critical.

CERT PSE encourages administrators to review the notes from SAP Security Patch Day and apply the necessary updates.

Full list of patches:

| Note# | Title | Priority | CVSS |
|---|---|---|---|
| 2934135 | [CVE-2020-6287] Multiple Vulnerabilities in SAP NetWeaver AS JAVA (LM Configuration Wizard)<br>Additional CVE – CVE-2020-6286<br>Product – SAP NetWeaver AS JAVA (LM Configuration Wizard); Versions – 7.30, 7.31, 7.40, 7.50 | Hot News | 10 |
| 2622660 | Update to Security Note released on April 2018 Patch Day: Security updates for the browser control Google Chromium delivered with SAP Business Client<br>Product – SAP Business Client, Version – 6.5 | Hot News | 9.8 |
| 2932473 | [CVE-2020-6285] Information Disclosure in SAP NetWeaver (XMLToolkit for Java)<br>Product – SAP NetWeaver (XML Toolkit for JAVA); Versions – ENGINEAPI 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 | High | 7.7 |
| 2758000 | [CVE-2020-6267] Multiple vulnerabilities in SAP Disclosure Management<br>Additional CVEs – CVE-2020-6289, CVE-2020-6290, CVE-2020-6291, CVE-2020-6292<br>Product – SAP Disclosure Management; Version – 1.0 | Medium | 6.3 |
| 2917743 | [CVE-2020-6281] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (BI Launch pad)<br>Product – SAP Business Objects Business Intelligence Platform (BI Launchpad); Version – 4.2 | Medium | 6.1 |
| 2849967 | [CVE-2020-6276] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (Bipodata)<br>Product – SAP Business Objects Business Intelligence Platform (bipodata); Version – 4.2 | Medium | 6.1 |
| 2896025 | [CVE-2020-6282] Server-Side Request Forgery in SAP NetWeaver AS JAVA (IIOP service)<br>Product – SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE); Versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50<br>Product – SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS); Versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 | Medium | 5.8 |
| 2912708 | [CVE-2020-6278] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC)<br>Product – SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC); Versions – 4.1, 4.2 | Medium | 5.4 |
| 2880804 | Update to Security Note released on April 2020 Patch Day: [CVE-2020-6222] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)<br>Product – SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), Versions – 4.1, 4.2 | Medium | 5.4 |
| 2927373 | [CVE-2020-6280] Information Disclosure in SAP NetWeaver (ABAP Server) and ABAP Platform<br>Product – SAP NetWeaver (ABAP Server) and ABAP Platform; Versions – 731, 740, 750 | Low | 2.7 |