On 9 July, SAP released security updates comprising 11 new patches, of which 1 is critical and 1 has "High" priority.

CERT PSE encourages administrators to review the notes published for SAP Security Patch Day and to apply the necessary updates.

Full list of patches:

| Note# | Title | Product | Priority | CVSS |
|---|---|---|---|---|
| 2808158 | [CVE-2019-0330] OS Command Injection vulnerability in SAP Diagnostics Agent | SAP Diagnostic Agent (LM-Service); Version – 7.20 | Hot News | 9.1 |
| 2774489 | [CVE-2019-0328] Code Injection vulnerability in ABAP Tests Modules of SAP NetWeaver Process Integration | SAP NetWeaver Process Integration ABAP tests (SAP Basis), Version – 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 | High | 8.7 |
| 2781873 | [CVE-2019-0322] Denial of service (DOS) in SAP Commerce Cloud | SAP Commerce Cloud (ex SAP Hybris Commerce) (HY_COM), Versions – 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811 | Medium | 6.5 |
| 2756539 | [CVE-2019-0281] Cross-Site Scripting (XSS) vulnerability in SAPUI5 and OpenUI5 | OpenUI5, Versions – <= 1.38.39, <= 1.44.39, <= 1.52.25, <= 1.60.6, <= 1.63.0 | Medium | 6.1 |
| 2804833 | [CVE-2019-0329] Cross-Site Scripting (XSS) vulnerability in SAP Information Steward 4.2 | SAP Information Steward, Versions – 4.2 | Medium | 6.1 |
| 2773888 | [CVE-2019-0321] Cross-Site Scripting (XSS) vulnerability in ABAP Server and ABAP Platform | ABAP Server and ABAP Platform (SAP Basis), Versions – 7.31, 7.4, 7.5 | Medium | 6.1 |
| 2764733 | [CVE-2019-0326] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace) | SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), Versions – 4.1, 4.2, 4.3 | Medium | 6.1 |
| 2777910 | [CVE-2019-0327] Unrestricted File Upload vulnerability in SAP NetWeaver AS Java (Web Container) | SAP NetWeaver for Java Application Server (Web Container), Versions – engineapi (7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), servercode (7.2, 7.3, 7.31, 7.4, 7.5) | Medium | 5.9 |
| 2798133 | [CVE-2019-0325] Missing Authorization check in SAP ERP HCM | SAP ERP HCM (SAP_HRCES), Version – 3 | Medium | 5.4 |
| 2738791 | [CVE-2019-0318] Information disclosure in SAP NetWeaver AS Java (Startup Framework) | SAP NetWeaver Application Server for Java (Startup Framework), Versions – 7.21, 7.22, 7.45, 7.49, and 7.53 | Medium | 5.3 |
| 2752614 | [CVE-2019-0319] Content Injection Vulnerability in SAP Gateway | SAP Gateway, Versions – 7.5, 7.51, 7.52 and 7.53 | Medium | 4.3 |