Firma SAP publikuje aktualizacje bezpieczeństwa 07/2020

utworzone przez | lip 14, 2020 | Aktualizacje

W dniu 14 lipca firma SAP wydała aktualizacje bezpieczeństwa, które obejmują 10 nowych poprawek w tym 2 są krytyczne.

CERT PSE zachęca administratorów do zapoznania się z notami na SAP Security Patch Day i zastosowania niezbędnych aktualizacji.

Pełna lista poprawek:

Note# Title Priority CVSS
2934135 [CVE-2020-6287Multiple Vulnerabilities in SAP NetWeaver AS JAVA (LM Configuration Wizard)
Additional CVE – CVE-2020-6286
Product – SAP NetWeaver AS JAVA (LM Configuration Wizard); Versions – 7.30, 7.31, 7.40, 7.50 		 Hot News 10
2622660 Update to Security Note released on April 2018 Patch Day:
Security updates for the browser control Google Chromium delivered with SAP Business Client
Product – SAP Business Client, Version – 6.5		 Hot News 9.8
2932473 [CVE-2020-6285Information Disclosure in SAP NetWeaver (XMLToolkit for Java)
Product – SAP NetWeaver (XML Toolkit for JAVA); Versions – ENGINEAPI 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 		 High 7.7
2758000 [CVE-2020-6267Multiple vulnerabilities in SAP Disclosure Management
Additional CVEs – CVE-2020-6289CVE-2020-6290CVE-2020-6291CVE-2020-6292
Product – SAP Disclosure Management ; Version – 1.0		 Medium 6.3
2917743 [CVE-2020-6281Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform(BI Launch pad)
Product – SAP Business Objects Business Intelligence Platform (BI Launchpad); Version – 4.2		 Medium 6.1
2849967 [CVE-2020-6276Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform(Bipodata)
Product – SAP Business Objects Business Intelligence Platform (bipodata); Version – 4.2		 Medium 6.1
2896025 [CVE-2020-6282Server-Side Request Forgery in SAP NetWeaver AS JAVA (IIOP service)
Product – SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE); Versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
Product – SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS); Versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 		 Medium 5.8
2912708 [CVE-2020-6278Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC)
Product – SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC); Versions – 4.1, 4.2 		 Medium 5.4
2880804 Update to Security Note released on April 2020 Patch Day:
[CVE-2020-6222Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)
Product – SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) , Versions – 4.1, 4.2 		 Medium 5.4
2927373 [CVE-2020-6280Information Disclosure in SAP NetWeaver (ABAP Server) and ABAP Platform
Product – SAP NetWeaver (ABAP Server) and ABAP Platform; Versions – 731, 740, 750 		 Low 2.7