SAP Update
Warning Date: 13 November, 2019
Severity Level: High
Warning Number: 2019-616
Target Sector: All
Description:
SAP has released a security update to address multiple vulnerabilities in the following products:
- SAP Business Client Version 6.5
- SAP Diagnostic Agent (LM-Service) Version 7.20
- SAP BusinessObjects Business Intelligence Platform (Web Intelligence) Version 4.2
- SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) Versions 4.1, 4.2
- S4HANA Sales (S4CORE) Versions 1.0, 1.01, 1.02, 1.03, 1.04
- SAP Enable Now Versions prior to 1908
- SAP Treasury and Risk Management (EA-FINSERV) Versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0
- SAP Treasury and Risk Management (S4CORE) Versions 1.01, 1.02, 1.03, 1.04
- SAP ERP Sales (SAP_APPL) Versions 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18
- SAP NetWeaver Application Server Java (J2EE-Framework) Versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5
- SAP NetWeaver AS Java Versions 7.10, 7.20, 7.30, 7.31, 7.4, 7.5
- SAP Quality Management (S4CORE) Versions 1.0, 1.01, 1.02, 1.03
- SAP UI 700 Version 2.0
- SAP UI Versions 7.5, 7.51, 7.52, 7.53, 7.54
Threats:
An attacker could exploit these vulnerabilities through the following:
- SQL injection.
- OS command injection.
- Missing XML validation.
- Privilege escalation.
Best practice and Recommendations:
The CERT team encourages users to review the SAP security advisory and apply the necessary updates: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390