SAP Updates
Warning Date: 8 December, 2020
Severity Level: Critical
Warning Number: 2020-2153
Target Sector: All
Description:
SAP has released security updates to address multiple vulnerabilities in the following products:
- SAP NetWeaver AS JAVA (P2P Cluster Communication)
  - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
- SAP BusinessObjects BI Platform (Crystal Report)
  - 4.1, 4.2, 4.3
- SAP Business Warehouse
  - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782
- SAP BW4HANA
  - 100, 200
- SAP AS ABAP (DMIS)
  - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020
- SAP S4 HANA (DMIS)
  - 101, 102, 103, 104, 105
- SAP Solution Manager (User Experience Monitoring)
  - 7.20
- SAP NetWeaver Application Server for Java
  - 7.31, 7.40, 7.50
- SAP Disclosure Management
  - 10.1
- SAP NetWeaver AS JAVA (Key Storage Service)
  - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
- SAP NetWeaver AS ABAP
  - 740, 750, 751, 752, 753, 754
- SAP UI
  - 7.5, 7.51, 7.52, 7.53, 7.54
- SAP UI 700
  - 2.0
- SAP HANA Database
  - 2.0
- SAP Solution Manager (Trace Analysis)
  - 7.20
Threats:
An attacker could exploit these vulnerabilities, which fall into the following categories:
- Missing authentication
- Missing authorization check
- Cross-site scripting (XSS) attack
- Missing XML validation
- Code injection
Best practice and Recommendations:
The CERT team encourages users to review the SAP security advisory and apply the necessary updates: