This week, SAP released 6 Security Notes as part of its April 2019 Security Patch Day, including two that highlight high severity vulnerabilities in Crystal Reports and NetWeaver.
Intel, on the other hand, has released security updates highlighting two high-severity flaws in its Intel Media Software Development Kit (SDK) and Intel NUC mini PC.
The flaw, tracked as CVE-2019-0285, in Crystal Reports is an information revelation problem that could deliver an invader with access to details such as system data, debugging information, and more.
On Tuesday, Intel repaired four faults across its products; the most severe of these susceptibilities exist in Intel’s Media Software Development Kit (SDK) and could allow a genuine attacker to gain intensified privileges.
SAP’s second high-risk flaw is CVE-2019-0283 (CVSS Base Score: 7.1), a deceiving attack susceptibility in NetWeaver Java Application Server. An attacker could target the virus to spoof the data being showed to the user.
Other flaws addressed this month include a missing approval check for the ABAP INST function module (CVE-2019-0279, CVSS Base Score: 5.5), information revelation in NetWeaver (CVE-2019-0282, CVSS Base Score: 5.3; CVE-2019-0278, CVSS Base Score: 5.1), and an XML External Entity (XXE) vulnerability in SAP HANA (CVE-2019-0284, CVSS Base Score: 5.1).
Intel’s Media SDK is a software development package providing developers with media quickening abilities on Intel platforms, including video and photo processing. The susceptibility ( CVE-2018-18094) has a CVSS score of 7.8, making it high-severity.
ERPScan, another firm that specializes in the security of Oracle and SAP applications, says that SAP came up with two notes released after the second Tuesday of the last month but before the second Tuesday of this month.
In the meantime, another high-severity susceptibility is also found in the Intel NUC (short for Next Unit of Computing), a mini PC kit that offers processing, memory and storage capabilities for applications like digital signage, media centers and kiosks.
According to Intel’s release, a potential security susceptibility in system firmware for Intel NUC may allow growth of privilege, denial of service, and/or information disclosure, adding that Intel is releasing firmware updates to alleviate this possible susceptibility.