On 8 September, SAP released a security update that includes 10 new patches, 2 of which are critical.
CERT PSE encourages administrators to review the notes on SAP Security Patch Day and apply the necessary updates.
Full list of patches:
Note# | Title | Priority | CVSS |
2890213 | Update to security note released on March 2020 Patch Day: [CVE-2020-6207] Missing Authentication Check in SAP Solution Manager Product – SAP Solution Manager (User Experience Monitoring), Version – 7.2 | Hot News | 10 |
2622660 | Update to security note released on April 2018 Patch Day: Security updates for the browser control Google Chromium delivered with SAP Business Client Product – SAP Business Client, Version – 6.5 | Hot News | 9.8 |
2961991 | [CVE-2020-6320] Improper Access Control in SAP Marketing (Mobile Channel Servlet) Product – SAP Marketing (Mobile Channel Servlet), Versions – 130, 140, 150 | Hot News | 9.6 |
2958563 | [CVE-2020-6318] Code Injection vulnerability in SAP NetWeaver (ABAP Server) and ABAP Platform Product – SAP NetWeaver (ABAP Server) and ABAP Platform, Versions – 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755 | Hot News | 9.1 |
2941667 | Update to security note released on August 2020 Patch Day: [CVE-2020-6296] Code Injection Vulnerability in SAP NetWeaver (ABAP) and ABAP Platform Product – SAP NetWeaver (ABAP Server) and ABAP Platform; Versions – 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755 | High | 8.3 |
2912939 | Update to security note released on June 2020 Patch Day: [CVE-2020-6275] Server Side Request Forgery vulnerability in SAP NetWeaver AS ABAP Product – SAP Netweaver AS ABAP, Versions – 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754 | High | 7.6 |
2951325 | [CVE-2020-6311] Improper Authorization Checks in Banking services from SAP Bank Analyzer and SAP S/4HANA Financial Products Product – BANKING SERVICES FROM SAP 9.0(Bank Analyzer), Version – 500 Product – S/4HANA FIN PROD SUBLDGR, Version – 100 | Medium | 6.5 |
2934451 | [CVE-2020-6302] Session Fixation in SAP Commerce Product – SAP Commerce, Versions – 6.7, 1808, 1811, 1905, 2005 | Medium | 6.4 |
2948239 | [CVE-2020-6324] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Test Application) Product – SAP NetWeaver AS ABAP (BSP Test Application), Versions – 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755 | Medium | 6.1 |
2941170 | Update to security note released on August 2020 Patch Day: Cross-Site Scripting (XSS) vulnerabilities in modified jQuery bundled with SAPUI5 Related CVEs – CVE-2020-11022, CVE-2020-11023 Product – SAPUI5 (UISAPUI5_JAVA); Version – 7.50 Product – SAPUI5 (SAP_UI); Versions – 750, 751, 752, 753, 754, 755 Product – SAPUI5 (UI_700); Version – 200 | Medium | 6.1 |
2896025 | Update to security note released on July 2020 Patch Day: [CVE-2020-6282] Server-Side Request Forgery in SAP NetWeaver AS JAVA (IIOP service) Product – SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE); Versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 Product – SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS); Versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 | Medium | 5.8 |
2953112 | [CVE-2020-6326] Cross-Site Scripting (XSS) vulnerabilities in SAP NetWeaver AS Java Additional CVE – CVE-2020-6313 Product – SAP NetWeaver (Knowledge Management), Versions – 7.30, 7.31, 7.40, 7.50 | Medium | 5.4 |
2930128 | [CVE-2020-6325] Multiple Vulnerabilities in SAP BusinessObjects Business Intelligence Platform Additional CVEs – CVE-2020-6312, CVE-2020-6288 Product – SAP Business Objects Business Intelligence Platform (BI Workspace), Versions – 4.1, 4.2 | Medium | 5.4 |
2865229 | [CVE-2020-6322] Cross-Site Scripting (XSS) vulnerability in SAP Fiori (Launchpad) Product – SAP Fiori (Launchpad), Versions – 750, 752, 753, 754, 755 | Medium | 4.8 |
2960815 | [Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer CVEs – CVE-2020-6322, CVE-2020-6327, CVE-2020-6330, CVE-2020-6333, CVE-2020-6346, CVE-2020-6350, CVE-2020-6339, CVE-2020-6356, CVE-2020-6360, CVE-2020-6361, CVE-2020-6328, CVE-2020-6341, CVE-2020-6343, CVE-2020-6351, CVE-2020-6352, CVE-2020-6358, CVE-2020-6348, CVE-2020-6349, CVE-2020-6347, CVE-2020-6337, CVE-2020-6331, CVE-2020-6332, CVE-2020-6335, CVE-2020-6314, CVE-2020-6359, CVE-2020-6344, CVE-2020-6340, CVE-2020-6336, CVE-2020-6338, CVE-2020-6334, CVE-2020-6353, CVE-2020-6329, CVE-2020-6354, CVE-2020-6345, CVE-2020-6355, CVE-2020-6342, CVE-2020-6321, CVE-2020-6357 Product – SAP 3D Visual Enterprise Viewer, Version – 9 | Medium | 4.3 |
2953203 | [CVE-2020-6317] Information Disclosure in SAP Adaptive Server Enterprise Product – SAP Adaptive Server Enterprise, Versions – 15.7, 16.0 | Low | 2.6 |