Anasayfa » SAP Kritik Güncellemeler Yayınladı

Makaleyi Paylaş

Haberler

SAP Kritik Güncellemeler Yayınladı

SAP, kritik güncellemeler yayınlayarak kullanıcılarını uyardı.

Güncellemelerin zaman kaybetmeden yüklenmesi konusunda uyarılarda bulunan SAP’in yayınladığı güncellemeler ise şöyle;

Note#TitlePriorityCVSS
2969828[CVE-2020-6364OS Command Injection Vulnerability in CA Introscope Enterprise Manager (Affected Products: SAP Solution Manager and SAP Focused Run)
Product – SAP Solution Manager (CA Introscope Enterprise Manager) and SAP Focused Run (CA Introscope Enterprise Manager), Versions – WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7
Hot News10
2622660Update to security note released on April 2018 Patch Day:
Security updates for the browser control Google Chromium delivered with SAP Business Client
Product – SAP Business Client, Version – 6.5
Hot News9.8
2941667Update to security note released on August 2020 Patch Day:
[CVE-2020-6296Code Injection Vulnerability in SAP NetWeaver (ABAP) and ABAP Platform
Product – SAP NetWeaver (ABAP Server) and ABAP Platform; Versions – 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755 
High8.3
2972661[CVE-2020-6367Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Composite Application Framework
Product- SAP NetWeaver Composite Application Framework, Versions – 7.20, 7.30, 7.31, 7.40, 7.50
High8.2
2969457[CVE-2020-6366Missing XML Validation in SAP NetWeaver (Compare Systems)
Product – SAP NetWeaver (Compare Systems), Versions – 7.20, 7.30, 7.31, 7.40, 7.50
High7.6
2971638[CVE-2020-6369Hard-coded Credentials in CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run)
Product – CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run), Versions – 9.7, 10.1, 10.5, 10.7
High7.5
2941315Update to security note released on August 2020 Patch Day:
[CVE-2020-6309Missing Authentication check in SAP NetWeaver AS JAVA
Product – SAP NetWeaver AS JAVA (ENGINEAPI versions – 7.10, 7.10; WSRM versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and J2EE-FRMW versions – 7.10, 7.11)
High7.5
2898077Update to security note released on April 2020 Patch Day:
[CVE-2020-6237Information Disclosure in SAP Business Objects Business Intelligence Platform (dswsbobje Web Application)
Product – SAP Business Objects Business Intelligence Platform, Versions – 4.1, 4.2 
High7.5
2902456Update to security note released on April 2020 Patch Day:
[CVE-2020-6236Privilege Escalation in SAP Landscape Management (SAP Adaptive Extensions)
Product – SAP Landscape Management, Version – 3.0
Product-SAP Adaptive Extensions, Version – 1.0
High7.2
2956398[CVE-2020-6319Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java
Product – SAP NetWeaver Application Server Java, Versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
Medium6.1
2973497[CVE-2020-6315Multiple Vulnerabilities in SAP 3D Visual Enterprise Viewer
Additional CVEs – CVE-2020-6372CVE-2020-6373CVE-2020-6374CVE-2020-6375CVE-2020-6376Product – SAP 3D Visual Enterprise Viewer, Version – 9
Medium5.7
2917381[CVE-2020-6272Cross-Site Scripting (XSS) vulnerability in SAP Commerce Cloud
Product – SAP Commerce Cloud, Versions – 1808, 1811, 1905, 2005 
Medium5.4
2960825[CVE-2020-6368Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation
Product – SAP Business Planning and Consolidation, Versions – 750, 751, 752, 753, 754, 755, 810, 100, 200 
Medium5.4
2949196Update to security note released on August 2020 Patch Day:
[CVE-2020-6301Missing Authorization check in SAP ERP (HCM Travel Management)
Product – SAP ERP (HCM Travel Management); Versions – 600, 602, 603, 604, 605, 606, 607, 608 
Medium5.4
2943844[CVE-2020-6308Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Services)
Product – SAP BusinessObjects Business Intelligence Platform (Web Services), Versions – 410, 420, 430 
Medium5.3
2939419[CVE-2020-6370Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (DI Design Time Repository)
Product – SAP NetWeaver (DI Design Time Repository), Versions – 7.11, 7.30, 7.31, 7.40, 7.50
Medium4.8
2965315[CVE-2020-6365Reverse Tabnabbing vulnerability in SAP NetWeaver AS Java Start Page
Product – SAP NetWeaver Application Server Java, Versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
Medium4.7
2960329[CVE-2020-6323Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal (Fiori Framework Page)
Product – SAP NetWeaver Enterprise Portal (Fiori Framework Page), Versions – 7.50, 7.31, 7.40
Medium4.4
2963137[CVE-2020-6371Information disclosure in SAP NetWeaver AS ABAP via the POWL Test Feeder endpoint
Product – SAP NetWeaver Application Server ABAP (POWL test application), Versions – 710, 711, 730, 731, 740, 750
Medium4.3
2953212[CVE-2020-6362] Incorrect Authorization in SAP Banking Services
Product – SAP Banking Services, Version – 500
Medium4.3
2965287[CVE-2020-6363Insufficient Session Expiration in SAP Commerce Cloud
Product – SAP Commerce Cloud, Versions – 1808, 1811, 1905, 2005
Low3.7

Kaynak

Makaleyi Paylaş

Cevap bırakın

Email adresiniz gizli kalacak Zorunlu alanlar * olarak işaretlenmiştir

Bunları kullanabilirsinizHTML etiketler ve öznitelikleri: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>