SAP Updates

Classification
These posts contain security alerts, including digital loopholes, electronic attacks, and technical updates, and they are classified based on the level of severity.

Critical

High

Medium

Low

Warning Date: 11 September, 2019

Severity Level: High

Warning Number: 2019-428

Target Sector: All

Description:

SAP has released updates to address 14 vulnerabilities in the following products:

  • SAP Business Client
  • SAP Diagnostic Agent (LM-Service)
  • SAP Business One
  • SAP Kernel (RFC)
  • SAP HANA
  • SAP BusinessObjects Business Intelligence Platform
  • SAP Business One Client
  • SAP NetWeaver AS for Java (Web Container)-ENGINEAPI
  • SAP HANA Extended Application Services
  • SAP BusinessObjects Business Intelligence Platform (CMC)
  • SAP Supplier Relationship Management (Master Data Management Catalog) (SRM_MDM_CAT)
  • SAP NetWeaver Process Integration Runtime Workbench

Threats:

An attacker could exploit these vulnerabilities to carry out the following:

  • Code Injection
  • Escalation of privilege
  • Denial of Service attacks (DoS)
  • Cross Site Scripting (XSS)
  • Cross-site request forgery (CSRF)
  • Disclosure of information

Best practice and Recommendations:

The CERT team encourages users to check the details of the affected products and update them according to the link below:

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242

Last updated on 28 October, 2019
