SAP Updates
Warning Date: 11 September, 2019
Severity Level: High
Warning Number: 2019-428
Target Sector: All
Description:
SAP has released updates to address 14 vulnerabilities in the following products:
- SAP Business Client
- SAP Diagnostic Agent (LM-Service)
- SAP Business One
- SAP Kernel (RFC)
- SAP HANA
- SAP BusinessObjects Business Intelligence Platform
- SAP Business One Client
- SAP NetWeaver AS for Java (Web Container)-ENGINEAPI
- SAP HANA Extended Application Services
- SAP BusinessObjects Business Intelligence Platform (CMC)
- SAP Supplier Relationship Management (Master Data Management Catalog) (SRM_MDM_CAT)
- SAP NetWeaver Process Integration Runtime Workbench
Threats:
An attacker could exploit these vulnerabilities to carry out the following:
- Code Injection
- Escalation of privilege
- Denial of Service attacks (DoS)
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Disclosure of information
Best practice and Recommendations:
The CERT team encourages users to check the details of the affected products and update them according to the link below:
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242