Overview :
New vulnerabilities discovered in SAP products
Affected Product(s) :
  • SAP
Vulnerability Details :
CVE ID : CVE-2019-0388
[[CVE-2019-0388Content spoofing vulnerability in UI5 HTTP Handler
Product – SAP UI, Versions – 7.5, 7.51, 7.52, 7.53, 7.54
Product – SAP UI 700, Versions – 2.0
CVE ID : CVE-2019-0396
[CVE-2019-0396] Missing XML Validation vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)
Product – SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), Versions – 4.1, 4.2

Remediation / Fixes :

SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape.