SAP Releases Security Fixes to Remediate Several Critical Vulnerabilities

Enterprise marketer SAP slid 11 security consultatives under your door while you were suspiring your way through the Tuesday Patch of Microsoft.

Top of the listing is a weakening famous error in SAP Cloud Connector pre-version 2.11.3: the software disregards validation checks for utilities that demand user identity (CVE-2019-0246). An associated vulnerabilities in Cloud Connector which is the similar versions, CVE-2019-0247, can be employed to accomplish distant code insertions.

The systems management environment of German titan, SAP Landscape Management, is merely on the disapproving list thanks to a sketchily narrated details revelation flaw, CVE-2019-0249.

Two anonymous products endured validation slip-ups. The BW/4HANA data warehouse of company (CVE-2019-0243), and SAP Enterprise Financial Services (CVE-2018-2484), they both have validation errors that can consequence in privilege escalation. SAP Financial Consolidation Cube Designer could expose password creates (CVE-2018-2499), and the ABAP application server had an unspecified details revelation flaw (CVE-2019-0248).

There are two Denial of Service flaws mentioned in the list, one of them is through the crafted harmful links in Business Objects for Android (CVE-2019-0240) and the other is Work and Inventory Manager of the company (CVE-2019-0241).

Lastly, there is one cross-site scripting flaw fixed in SAP Commerce (CVE-2019-0238) and two in the CRM Web Client UI of the company (CVE-2019-0245 and CVE-2019-0244). The list of fixes of SAP and notices is here. You should utilize updates as soon as possible.

Leave a Reply

Your email address will not be published. Required fields are marked *