SAP Update
3185Warning Date
Severity Level
Warning Number
Target Sector
10 June, 2020
● Critical
2020-1331
All
Description:
SAP has released security update to address multiple vulnerabilities in the following products:
- SAP Liquidity Management for Banking
- 6.2
- SAP Commerce
- 6.7, 1808, 1811, 1905
- AP Solution Manager (Problem Context Manager)
- 7.2
- SAP SuccessFactors Recruiting
- 2005
- SAP Netweaver AS ABAP
- 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754
- SAP NetWeaver AS JAVA (P4 Protocol)
- SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
- SAP NetWeaver AS ABAP (Banking Services)
- 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E
- Adobe LiveCycle Designer
- 11.0
- SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE)
- 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754
- SAP Fiori for SAP S/4HANA
- 200, 300, 400, 500
- SAP ERP (Statutory Reporting for Insurance Companies)
- EA-FINSERV 600, 603, 604, 605, 606, 616, 617, 618, 800; S4CORE 101, 102, 103, 104
- SAP Business One (Backup service)
- 9.3, 10.0
- SAP Gateway
- 7.5, 7.51, 7.52 ,7.53, 7.40, 2.00
- SAP Business Objects Business Intelligence Platform
- 4.2
Threats:
The update includes a fix for the following threats:
- Information disclosure.
- Missing Authorization Check.
- Missing Authentication.
- Missing XML Validation.
- Cross-site scripting (XSS) attack.
Best practice and Recommendations:
The CERT team encourages users to review SAP security advisory and apply the necessary updates: