On 11 August, SAP released security updates comprising 16 new patches, 2 of which are critical.
CERT PSE encourages administrators to review the notes on the SAP Security Patch Day and apply the necessary updates.
Full list of patches:
Note# | Title | Priority | CVSS |
2934135 | Update to Security Note released on July 2020 Patch Day: [CVE-2020-6287] Multiple Vulnerabilities in SAP NetWeaver AS JAVA (LM Configuration Wizard) Additional CVE – CVE-2020-6286 Product – SAP NetWeaver AS JAVA (LM Configuration Wizard); Versions – 7.30, 7.31, 7.40, 7.50 | Hot News | 10 |
2928635 | [CVE-2020-6284] Cross-Site Scripting (XSS) vulnerability in SAP Netweaver (Knowledge Management) Product – SAP NetWeaver (Knowledge Management); Versions – 7.30, 7.31, 7.40, 7.50 | Hot News | 9 |
2927956 | [CVE-2020-6294] Missing Authentication check in SAP BusinessObjects Business Intelligence Platform Product – SAP Business Objects Business Intelligence Platform; Versions – 4.2, 4.3 | High | 8.5 |
2939685 | [CVE-2020-6298] Missing Authorization check in SAP Banking Services (Generic Market Data) Product – SAP Banking Services (Generic Market Data); Versions – 400, 450, 500 | High | 8.3 |
2941667 | [CVE-2020-6296] Code Injection Vulnerability in SAP NetWeaver (ABAP) and ABAP Platform Product – SAP NetWeaver (ABAP Server) and ABAP Platform; Versions – 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755 | High | 8.3 |
2941315 | [CVE-2020-6309] Missing Authentication check in SAP NetWeaver AS JAVA Product – SAP NetWeaver AS JAVA (ENGINEAPI); Versions – 7.10, 7.10 Product – SAP NetWeaver AS JAVA (WSRM); Versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 Product – SAP NetWeaver AS JAVA (SERVERCORE); Versions – 7.10, 7.10, 7.11 Product – SAP NetWeaver AS JAVA (J2EE-FRMW); Versions – J2EE-FRMW 7.10, 7.11 | High | 7.5 |
2938162 | [CVE-2020-6293] Unrestricted File Upload in SAP NetWeaver (Knowledge Management) Product – SAP NetWeaver (Knowledge Management); Versions – 7.30, 7.31, 7.40, 7.50 | High | 7.3 |
2941332 | [CVE-2020-6295] Information Disclosure in SAP Adaptive Server Enterprise Product – SAP Adaptive Server Enterprise; Version – 16.0 | High | 7 |
2948317 | Cross-Site Scripting (XSS) vulnerabilities in SAP Commerce Related CVEs – CVE-2020-9281, CVE-2019-11358 Product – SAP Commerce; Versions – 6.7, 1808, 1811, 1905, 2005 | Medium | 6.4 |
2940823 | [CVE-2020-6297] Information Disclosure in SAP Data Intelligence Product – SAP Data Intelligence; Version – 3 | Medium | 6.3 |
2941170 | Cross-Site Scripting (XSS) vulnerabilities in modified jQuery bundled with SAPUI5 Related CVEs – CVE-2020-11022, CVE-2020-11023 Product – SAPUI5 (UISAPUI5_JAVA); Version – 7.50 Product – SAPUI5 (SAP_UI); Versions – 750, 751, 752, 753, 754, 755 Product – SAPUI5 (UI_700); Version – 200 | Medium | 6.1 |
2949196 | [CVE-2020-6301] Missing Authorization check in SAP ERP (HCM Travel Management) Product – SAP ERP (HCM Travel Management); Versions – 600, 602, 603, 604, 605, 606, 607, 608 | Medium | 5.4 |
2925827 | [CVE-2020-6300] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (Central Management Console) Product – SAP Business Objects Business Intelligence Platform (Central Management Console); Versions – 4.2, 4.3 | Medium | 4.8 |
2885671 | [CVE-2020-6273] Missing Authorization check in SAP S/4 HANA (Fiori UI for General Ledger Accounting) Product – SAP S/4 HANA (Fiori UI for General Ledger Accounting); Versions – 103, 104 | Medium | 4.3 |
2941510 | [CVE-2020-6299] Information Disclosure in SAP NetWeaver (ABAP Server) and ABAP Platform Product – SAP NetWeaver (ABAP Server) and ABAP Platform; Versions – 740, 750, 751, 752, 753, 754, 755 | Medium | 4.3 |
2944988 | [CVE-2020-6310] Information Disclosure in SAP NetWeaver (ABAP Server) and ABAP Platform Product – SAP NetWeaver (ABAP Server) and ABAP Platform; Versions – 702, 730, 731, 740, 750 | Medium | 4.3 |