SAP Updates
1808Warning Date
Severity Level
Warning Number
Target Sector
13 May, 2020
● High
2020-1226
All
Description:
SAP has released security update to address multiple vulnerabilities in the following products:
- SAP Application Server ABAP
- 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740
- SAP Business Client
- 6.5
- SAP Business Objects Business Intelligence Platform
- 1.0, 2.0, 2.x, 4.2 and prior 4.1, 4.2 and 4.3
- SAP Adaptive Server Enterprise (Backup Server)
- 16.0
- SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer)
- 4.1, 4.2
- SAP Adaptive Server Enterprise (Cockpit)
- 16.0
- SAP Adaptive Server Enterprise
- 16.0, 15.7
- SAP Adaptive Server Enterprise (XP Server on Windows Platform)
- 15.7, 16.0
- SAP Master Data Governance
- S4CORE 101; S4FND 102, 103, 104; SAP_BS_FND 748
- SAP Adaptive Server Enterprise (Web Services)
- 15.7, 16.0
- SAP Business Client
- 7.0
- SAP Enterprise Threat Detection
- 1.0, 2.0
- SAP Master Data Governance
- 748, 749, 750, 751, 752, 800, 801, 802, 803, 804
- SAP Business Objects Business Intelligence Platform (CMC and BI launchpad)
- 4.2
- SAP Plant Connectivity
- 15.1, 15.2, 15.3, 15.4
- SAP NetWeaver AS ABAP (Web Dynpro ABAP)
- SAP_UI 750, 752, 753, 754; SAP_BASIS 700, 710, 730, 731, 804
- SAP Identity Management
- 8.0
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Denial of Service (DoS)
- SQL Injection
- Code Injection
- Information Disclosure
- Cross-site scripting (XSS) attack.
Best practice and Recommendations:
The CERT team encourages users to review SAP security advisory and apply the necessary updates: