SAP Latest Security Patch released

Overview :
Latest vulnerabilities discovered in SAP products
Affected Product(s) :
  • SAP
Vulnerability Details :
CVE ID : CVE-2019-0367
 Missing Authorization Check in B2B Content Manager of B2B Add-On for SAP NetWeaver Process Integration
Product – SAP NetWeaver Process Integration (B2B Toolkit), Versions – 1.0, 2.0
CVE ID : CVE-2019-0365
Update to Security Note released on September 2019 Patch Day:
 Denial of service (DOS) in SAP Kernel (RFC), SAP GUI for Windows and SAP GUI for Java
Product – SAP Kernel (RFC), Versions – KRNL32NUC, KRNL32UC and KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL 7.21, 7.49, 7.53, 7.73, 7.76
CVE ID : CVE-2019-0369,CVE-2019-0370
 Multiple Vulnerabilities in SAP Financial Consolidation
Additional CVE ID – CVE-2019-0369
Product – SAP Financial Consolidation, Versions – 10.0, 10.1
CVE ID : CVE-2019-0374, CVE-2019-0375, CVE-2019-0376, CVE-2019-0377, CVE-2019-0378
 Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)
Additional CVE IDs – CVE-2019-0375CVE-2019-0376CVE-2019-0377CVE-2019-0378

Product – SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), Versions – 420, 430

CVE ID : CVE-2019-0368
 Cross-Site Scripting (XSS) vulnerability in Customer relationship management (Email management)
Product – SAP Customer Relationship Management (Email Management), Versions – S4CRM 100, 200; BBPCRM 700, 701, 702, 712, 713, 714
CVE ID : CVE-2019-0381
 Binary Planting vulnerability in SAP SQL Anywhere, SAP IQ and SAP Dynamic Tiering
Product – SAP IQ, Version – 16.1
Product – SAP SQL Anywhere, Version – 17.0
Product – SAP Dynamic Tiering, Version – 1.0, 2.0
CVE ID : CVE-2019-0380
 Information Disclosure vulnerability in SAP Landscape Management Enterprise
Product – SAP Landscape Management enterprise edition, Version – 3.0
CVE ID : CVE-2019-0379
Missing Authentication Check in AS2 Adapter of B2B Add-On for SAP NetWeaver Process Integration
Product – SAP NetWeaver Process Integration (AS2 Adapter), Versions – 1.0, 2.0

Remediation / Fixes :

SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-1840 : Home Clean Services Management System Stored Cross-Site Scripting (XSS)

CVE-2022-1840 : Home Clean Services Management System Stored Cross-Site Scripting (XSS)

Description Persistent XSS (or Stored XSS) attack is one of the three major categories of XSS attacks, the others being

CVE-2022-1558 : Multiple Stored Cross-Site Scripting vulnerabilities in WordPress curtain plugin 1.0.2

CVE-2022-1558 : Multiple Stored Cross-Site Scripting vulnerabilities in WordPress curtain plugin 1.0.2

Description Several Cross-Site Scripting vulnerabilities in the Curtain WordPress plugin. Due to these Cross-Site Scripting vulnerabilities, an attacker would be

CVE-2022-AVAST2 : Self-Defense Bypass via Repairing Function

CVE-2022-AVAST2 : Self-Defense Bypass via Repairing Function

Description It was noted that there is security checking to prevent some of the Avast processes from loading of undesired/unsigned