On December 8, SAP released a security update comprising 11 new patches, 4 of which are critical.
CERT PSE encourages administrators to review the notes for SAP Security Patch Day and apply the necessary updates.
Full list of patches:
Note# | Title | Priority | CVSS |
2974774 | [CVE-2020-26829] Missing Authentication Check In SAP NetWeaver AS JAVA (P2P Cluster Communication) Product – SAP NetWeaver AS JAVA (P2P Cluster Communication), Versions – 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 | Hot News | 10 |
2989075 | [CVE-2020-26831] Missing XML Validation in SAP BusinessObjects Business Intelligence Platform (Crystal Report) Product – SAP BusinessObjects BI Platform (Crystal Report), Versions – 4.1, 4.2, 4.3 | Hot News | 9.6 |
2983367 | [CVE-2020-26838] Code Injection vulnerability in SAP Business Warehouse (Master Data Management) and SAP BW4HANA Product – SAP Business Warehouse, Versions – 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782 Product – SAP BW4HANA, Versions – 100, 200 | Hot News | 9.1 |
2973735 | Update to security note released on November 2020 Patch Day: [CVE-2020-26808] Code Injection in SAP AS ABAP and S/4 HANA (DMIS) Product – SAP AS ABAP(DMIS), Versions – 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 Product – SAP S4 HANA(DMIS), Versions – 101, 102, 103, 104, 105 | Hot News | 9.1 |
2983204 | [CVE-2020-26837] Path traversal and Missing Authorization check in SAP Solution Manager 7.2 (User Experience Monitoring) Additional CVE: CVE-2020-26830 Product – SAP Solution Manager (User Experience Monitoring), Version – 7.20 | High | 8.5 |
2993132 | [CVE-2020-26832] Missing Authorization check in SAP NetWeaver AS ABAP and SAP S4 HANA (SAP Landscape Transformation) Product – SAP NetWeaver AS ABAP (SAP Landscape Transformation – DMIS), Versions – 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 Product – SAP S4 HANA (SAP Landscape Transformation), Versions – 101, 102, 103, 104, 105 | High | 7.6 |
2974330 | [CVE-2020-26826] Unrestricted File Upload vulnerability in SAP NetWeaver Application Server for Java (Process Integration Monitoring) Product – SAP NetWeaver Application Server for Java, Versions – 7.31, 7.40, 7.50 | Medium | 6.5 |
2971180 | [CVE-2020-26828] Formula Injection in SAP Disclosure Management Product – SAP Disclosure Management, Version – 10.1 | Medium | 5.4 |
2971163 | [CVE-2020-26816] Missing Encryption in SAP NetWeaver AS Java (Key Storage Service) Product – SAP NetWeaver AS JAVA (Key Storage Service), Versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 | Medium | 5.4 |
2996479 | [CVE-2020-26835] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP Product – SAP NetWeaver AS ABAP, Versions – 740, 750, 751, 752, 753, 754 | Medium | 5.3 |
2843016 | Update to security note released on November 2019 Patch Day: [CVE-2019-0388] Content spoofing vulnerability in UI5 HTTP Handler Product – SAP UI, Versions – 7.5, 7.51, 7.52, 7.53, 7.54 Product – SAP UI 700, Version – 2.0 | Medium | 4.3 |
2978768 | [CVE-2020-26834] Improper authentication in SAP HANA database Product – SAP HANA Database, Version – 2.0 | Medium | 4.2 |
2938650 | [CVE-2020-26836] Open Redirect in SAP Solution Manager (Trace Analysis) Product – SAP Solution Manager (Trace Analysis), Version – 7.20 | Low | 3.4 |