Jump to content
About me. Writings. Community. Resources. Databases.
Search In
  • More options...
Find results that contain...
Find results in...
  • Vulnerabilities in SAP Products Could compromise systems and it's data | jimiwikman.se
    Jimi Wikman By Jimi Wikman

    Vulnerabilities in SAP Products Could compromise systems and it's data

    Posted , 190 views, 0 comments

    Multiple vulnerabilities have been reported in SAP products where things like cross-site scripting (xss) and server side request forgery open up access points through which a hacker can compromise the systems and it's data. These vulnerabilities have been patched in SAP Security Patch Day – July 2020 and it is strongly advised to make that update as soon as possible.

    Quote

    Multiple vulnerabilities have been discovered in SAP products, the most severe of which could allow an unauthenticated, remote attacker to execute code on the affected systems. SAP is a company that creates software to manage business operations and customer relations. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to execute code on the affected systems. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Applications configured to have fewer restrictions on the system could be less impacted than those who operate with elevated privileges.

    https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-sap-products-could-allow-for-arbitrary-code-execution_2020-093/

    SYSTEMS AFFECTED:

    • Multiple Vulnerabilities in SAP NetWeaver AS JAVA (LM Configuration Wizard) (CVE-2020-6286).
    • Security updates for the browser control Google Chromium delivered with SAP Business Client
    • Information Disclosure in SAP NetWeaver (XMLToolkit for Java) (CVE-2020-6285).
    • Multiple vulnerabilities in SAP Disclosure Management (CVE-2020-6267).
    • Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform(BI Launch pad) (CVE-2020-6281).
    • Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform(Bipodata) (CVE-2020-6276).
    • Server-Side Request Forgery in SAP NetWeaver AS JAVA (IIOP service) (CVE-2020-6282).
    • Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC) (CVE-2020-6278).
    • Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) (CVE-2020-6222).
    • Information Disclosure in SAP NetWeaver (ABAP Server) and ABAP Platform (CVE-2020-6280).
    • Sad 1

    User Feedback

    Recommended Comments

    There are no comments to display.



    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

  • Similar Content

    • Andreas Åkerblad
      Andreas Åkerblad
      By Andreas Åkerblad
      Director of Zingtons initiative within the technical side of SAP.
      Focus is custom development, software architecture and integration, as well as technical setup and lifecycle management of most systems and applications in the SAP family.

      Main areas: Basis, Java, ABAP, PO/PI, Mobile, CE, UX, Portal
    • Christian Planebrink
      Christian Planebrink
      By Christian Planebrink
      Experienced Lead Business Consultant with a demonstrated history of working in the information technology and services industry. Skilled in Management, SAP ERP, Pre-sales, Logistics Management, and SAP Products. Strong business development professional
    • Jimi Wikman
      Electrolux - Project Manager / Business Analyst
      By Jimi Wikman
      Technical preparation phase for new implementation of SAP Hybris and SAP ERP for the Russian market. Responsible for the collection of requirements and GAP analysis and planning of execution based on the new technical architecture.
    • Axel Lundström
      Axel Lundström
      By Axel Lundström
      Axel, with a keen interest in retail and e-commerce, have many years of experience in the area, both through his own entrepreneurship and through consultative role for major organizations in Sweden and internationally.
      Axel is distinguished by both his efforts to achieve results and his genuine interest in seeing the project flourish, which is achieved through open and clear communication between the business side, the technology side, the user side and the client.
      Axel is currently focusing on his own e-commerce The Care Box.
×
×
  • Create New...