Security Alerts

Your review has been sent successfully
Classification
These posts contain security alerts, including digital loopholes, electronic attacks, technical updates, and they are classified base on the level of severity.

Critical

High

Medium

Low

SAP Update

219

Warning Date: 10 March, 2020

Severity Level ● High

Warning Number: 2020-1003

Target Sector: All

Description:

SAP has released security update to address multiple vulnerabilities in the following products:

  • SAP Solution Manager (User Experience Monitoring)
    • Version 7.2
  • SAP Solution Manager (Diagnostics Agent)
    • Versions 7.2
  • SAP Business Client
    • Version 6.5
  • SAP NetWeaver UDDI Server (Services Registry)
    • Versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
  • SAP Business Objects Business Intelligence Platform (Crystal Reports)
    • Versions 4.1, 4.2
  • SAP Disclosure Management
    • Version 10.1
  • SAP BusinessObjects Mobile (MobileBIService)
    • Version 4.2
  • SAP MaxDB (liveCache)
    • Versions - 7.8, 7.9
  • SAP Commerce Cloud (Testweb Extension)
    • Versions 6.6, 6.7, 1808, 1811, 1905
  • SAP NetWeaver Application Server Java (User Management Engine)
    • Versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
  • SAP Commerce Cloud (SmartEdit Extension)
    • Versions 6.6, 6.7, 1808, 1811
  • SAP ERP (EAPPGLO)
    • Versions 607
  • SAP Enable Now
    • Before Version 1911 
  • SAP Fiori Launchpad
    • Versions 753, 754
  • SAP Fiori Launchpad
    • Version 1.0
  • SAP Treasury and Risk Management (Transaction Management)
    • Versions EA-FINSERV 600, 603, 604, 605, 606, 616, 617, 618, 800, S4CORE 101, 102, 103, 104
  • SAP Enable Now
    • Before Version 1908 

Threats:

Attacker could exploit these vulnerabilities by doing the following:

  • Missing Authorization Check.
  • Denial of service (DoS) attack.
  • Cross-site scripting (XSS) attack.

Best practice and Recommendations:

The CERT team encourages users to review SAP security advisory and apply the necessary updates:

Last updated at 10 March, 2020

Rate the content

rate-icon
up icon