Friday, 20 December 2019 12:22

SAP Patchday December 2019

Highlights

Year-end is approaching fast. Winter is coming and most people will soon be enjoying the holiday season. It is thus no surprise that the SAP Security & Response Team did not want to load its customers with tons of work. Out of 7 security notes, only 1 was released with severity Hot News, which is an update for the already known Chromium vulnerability in the SAP Business Client (Patch Day April 2018).

Merry Christmas and a Happy New Year.
Stay secure!

Summary by Severity

The December release contains a total of 7 patches:

| Severity | Number |
|----------|--------|
| Hot News | 1 |
| High | 0 |
| Medium | 6 |
| Note | Description | Severity | CVSS |
|------|-------------|----------|------|
| 2622660 | Update to Security Note released on April 2018 Patch Day: Security updates for the browser control Google Chromium delivered with SAP Business Client. Product - SAP Business Client, Version - 6.5 | Hot News | 9.8 |
| 2845780 | [CVE-2019-0402] Information Disclosure in SAP Adaptive Server Enterprise. Product - SAP Adaptive Server Enterprise, Version - 15.7, 16.0 | Medium | 6.7 |
| 2830578 | [CVE-2019-0395] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad). Product - SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), Version - 4.2 | Medium | 5.4 |
| 2798133 | Update to Security Note released on July 2019 Patch Day: [CVE-2019-0325] Missing Authorization check in SAP ERP HCM. Product - SAP ERP HCM (SAP_HRCES), Version - 3 | Medium | 5.4 |
| 2845183 | [CVE-2019-0405] Multiple Security vulnerabilities in SAP Enable Now release 1911. Additional CVEs - CVE-2019-0403, CVE-2019-0404. Product - SAP Enable Now, Versions - 1911 | Medium | 5.3 |
| 2803554 | [CVE-2019-0399] Potential Information Disclosure in SAP Portfolio and Project Management. Product - SAP Portfolio and Project Management, Versions - S4CORE 102, 103, EPPM 100, CPRXRPM 500_702, 600_740, 610_740 | Medium | 5.3 |
| 2701027 | [CVE-2019-0398] Cross-Site Request Forgery (CSRF) vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring application). Product - SAP BusinessObjects Business Intelligence Platform (Monitoring Application), Versions - 4.1, 4.2, 4.3 | Medium | 4.3 |
