On 10 October, SAP released security updates comprising 13 new patches and 4 patch updates. 2 patches are rated High.

CERT PSE encourages administrators to review the notes for SAP Security Patch Day and apply the necessary updates.

Full list of patches:

| Note# | Title | Priority | CVSS |
|---|---|---|---|
| 2486657 | Update to Security Note released on August 2017 Patch Day: Directory Traversal vulnerability in SAP NetWeaver AS Java Web Container | High | 7.7 |
| 2476937 | Potential Denial of Service vulnerability in SAP Standalone Enqueue Server | High | 7.5 |
| 2511453 | Possible leakage of sensitive data in SAP Mobile Platform SDK 3.0 | Medium | 6.9 |
| 2509284 | Memory Corruption vulnerability in SAP NetWeaver Instance Agent Service | Medium | 6.6 |
| 2507798 | Update to Security Note released on September 2017 Patch Day: Bypass of email verification in e-recruiting | Medium | 6.5 |
| 2517501 | Switchable Authorization checks for SAP ERP Funds Management Account Assignments | Medium | 6.3 |
| 2236258 | Missing XML Validation vulnerability in Adobe Document Services | Medium | 5.5 |
| 2519135 | Cross-Site Scripting (XSS) vulnerability in SAP CRM Mail Form Editor | Medium | 5.4 |
| 2519622 | Email Spoofing vulnerability in SAP CRM IC WebClient | Medium | 5.4 |
| 2480857 | Denial of Service in SAP NetWeaver Web Dynpro ABAP | Medium | 5.3 |
| 2504129 | Information Disclosure in SAP NetWeaver Instance Agent Service | Medium | 5.3 |
| 2458021 | Update to Security Note released on July 2017 Patch Day: Information Disclosure vulnerability in LDAP Authentication for SAP BusinessObjects Enterprise | Medium | 5.3 |
| 2527770 | Information Disclosure in SAP NetWeaver System Landscape Directory | Medium | 4.3 |
| 2528596 | Update to Security Note released on September 2017 Patch Day: Hard-coded Credentials in SAP Point of Sale Store Manager | Medium | 3.9 |
| 2510269 | Information disclosure vulnerability in SAP NetWeaver Mobile Client | Medium | 3.8 |
| 2532802 | Information Disclosure in SAP NetWeaver Mobile Client | Medium | 3.5 |
| 2528284 | Information Disclosure in SAP NetWeaver Mobile Client | Medium | 3.3 |