  • Jimi Wikman

    Vulnerabilities in SAP Products Could Compromise Systems and Their Data


    Multiple vulnerabilities have been reported in SAP products, where issues such as cross-site scripting (XSS) and server-side request forgery open up access points through which a hacker can compromise the systems and their data. These vulnerabilities have been patched in SAP Security Patch Day – July 2020, and it is strongly advised to apply that update as soon as possible.

    Quote

    Multiple vulnerabilities have been discovered in SAP products, the most severe of which could allow an unauthenticated, remote attacker to execute code on the affected systems. SAP is a company that creates software to manage business operations and customer relations. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to execute code on the affected systems. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Applications configured to have fewer restrictions on the system could be less impacted than those who operate with elevated privileges.

    https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-sap-products-could-allow-for-arbitrary-code-execution_2020-093/

    SYSTEMS AFFECTED:

    • Multiple Vulnerabilities in SAP NetWeaver AS JAVA (LM Configuration Wizard) (CVE-2020-6286).
    • Security updates for the browser control Google Chromium delivered with SAP Business Client
    • Information Disclosure in SAP NetWeaver (XMLToolkit for Java) (CVE-2020-6285).
    • Multiple vulnerabilities in SAP Disclosure Management (CVE-2020-6267).
    • Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (BI Launch pad) (CVE-2020-6281).
    • Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (Bipodata) (CVE-2020-6276).
    • Server-Side Request Forgery in SAP NetWeaver AS JAVA (IIOP service) (CVE-2020-6282).
    • Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC) (CVE-2020-6278).
    • Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) (CVE-2020-6222).
    • Information Disclosure in SAP NetWeaver (ABAP Server) and ABAP Platform (CVE-2020-6280).
