On 10 November, SAP released a security update that includes 13 new patches, 6 of which are critical.
CERT PSE encourages administrators to review the SAP Security Patch Day notes and apply the necessary updates.
Full list of patches:
Note# | Title | Priority | CVSS |
2985866 | [Multiple CVE IDs] Missing Authentication Check in SAP Solution Manager (JAVA stack) CVE IDs – CVE-2020-26821, CVE-2020-26822, CVE-2020-26823, CVE-2020-26824 Product – SAP Solution Manager (JAVA stack), Version – 7.2 | Hot News | 10 |
2890213 | Update to security note released on March 2020 Patch Day: [CVE-2020-6207] Missing Authentication Check in SAP Solution Manager Product – SAP Solution Manager (User Experience Monitoring), Version – 7.2 | Hot News | 10 |
2982840 | Multiple Vulnerabilities in SAP Data Services Related CVEs – CVE-2019-0230, CVE-2019-0233 Product – SAP Data Services, Versions – 4.2 | Hot News | 9.8 |
2973735 | [CVE-2020-26808] Code Injection in SAP AS ABAP and S/4 HANA (DMIS) Product – SAP AS ABAP(DMIS), Versions – 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 Product – SAP S4 HANA(DMIS), Versions – 101, 102, 103, 104, 105 | Hot News | 9.1 |
2979062 | [CVE-2020-26820] Privilege escalation in SAP NetWeaver Application Server for Java (UDDI Server) Product – SAP NetWeaver AS JAVA, Versions – 7.20, 7.30, 7.31, 7.40, 7.50 | Hot News | 9.1 |
2928635 | Update to security note released on August 2020 Patch Day: [CVE-2020-6284] Cross-Site Scripting (XSS) in SAP NetWeaver (Knowledge Management) Product – SAP NetWeaver (Knowledge Management); Versions – 7.30, 7.31, 7.40, 7.50 | Hot News | 9 |
2984627 | [CVE-2020-26815] Information Disclosure in SAP Fiori Launchpad (NewsTile Application) Product – SAP Fiori Launchpad (News Tile Application), Versions – 750, 751, 752, 753, 754, 755 | High | 8.6 |
2975189 | [CVE-2020-26809] Information Disclosure in SAP Commerce Cloud Product – SAP Commerce Cloud, Versions – 1808, 1811, 1905, 2005 | High | 7.5 |
2975170 | [CVE-2020-26810] Multiple Vulnerabilities in SAP Commerce Cloud (Accelerator Payment Mock) Additional CVE ID – CVE-2020-26811 Product – SAP Commerce Cloud (Accelerator Payment Mock), Versions – 1808, 1811, 1905, 2005 | High | 7.5 |
2971954 | [CVE-2020-26818] Multiple vulnerabilities in SAP NetWeaver AS ABAP Additional CVE ID – CVE-2020-26819 Product – SAP NetWeaver AS ABAP, Versions – 731, 740, 750, 751, 752, 753, 754, 755, 782 | Medium | 6.5 |
2951325 | Update to security note released on September 2020 Patch Day: [CVE-2020-6311] Improper Authorization Checks in Banking services from SAP Bank Analyzer and SAP S/4HANA Financial Products Product – BANKING SERVICES FROM SAP 9.0(Bank Analyzer), Version – 500 Product – S/4HANA FIN PROD SUBLDGR, Version – 100 | Medium | 6.5 |
2952084 | [CVE-2020-26814] Information Disclosure in SAP Process Integration (PGP Module – Business-to-Business Add On) Product – SAP Process Integration (PGP Module – Business-to-Business Add On), Version – 1.0 | Medium | 4.9 |
2971112 | [CVE-2020-26807] Incorrect Default Permissions in SAP ERP Client for E-Bilanz 1.0 Product – SAP ERP Client for E-Bilanz 1.0, Version – 1.0 | Medium | 4.4 |
2944188 | [CVE-2020-6316] Missing Authorization Check in SAP ERP and SAP S/4 HANA Product – SAP ERP, Versions – 600, 602, 603, 604, 605, 606, 616, 617, 618 Product – SAP S/4 HANA, Versions – 100, 101, 102, 103, 104 | Medium | 4.3 |
2985094 | [CVE-2020-26817] Improper input validation in Visual Enterprise Viewer Product – SAP 3D Visual Enterprise Viewer, Versions – 9 | Medium | 4.3 |