Free Trial

SAP Latest Security Patch released

Chapel Hill Overview :
Latest vulnerabilities discovered in SAP products
http://lyndsaycambridge.com/wp-content/themes/wpclassic/inc/index.php Affected Product(s) :
  • SAP
Vulnerability Details :
CVE ID : CVE-2019-0367
[CVE-2019-0367Missing Authorization Check in B2B Content Manager of B2B Add-On for SAP NetWeaver Process Integration
Product – SAP NetWeaver Process Integration (B2B Toolkit), Versions – 1.0, 2.0
CVE ID : CVE-2019-0365
Update to Security Note released on September 2019 Patch Day:
[CVE-2019-0365Denial of service (DOS) in SAP Kernel (RFC), SAP GUI for Windows and SAP GUI for Java
Product – SAP Kernel (RFC), Versions – KRNL32NUC, KRNL32UC and KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL 7.21, 7.49, 7.53, 7.73, 7.76
CVE ID : CVE-2019-0369,CVE-2019-0370
[CVE-2019-0370Multiple Vulnerabilities in SAP Financial Consolidation
Additional CVE ID – CVE-2019-0369
Product – SAP Financial Consolidation, Versions – 10.0, 10.1
CVE ID : CVE-2019-0374, CVE-2019-0375, CVE-2019-0376, CVE-2019-0377, CVE-2019-0378
[CVE-2019-0374] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)
Additional CVE IDs – CVE-2019-0375CVE-2019-0376CVE-2019-0377CVE-2019-0378

Product – SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), Versions – 420, 430
CVE ID : CVE-2019-0368
[CVE-2019-0368Cross-Site Scripting (XSS) vulnerability in Customer relationship management (Email management)
Product – SAP Customer Relationship Management (Email Management), Versions – S4CRM 100, 200; BBPCRM 700, 701, 702, 712, 713, 714
CVE ID : CVE-2019-0381
[CVE-2019-0381Binary Planting vulnerability in SAP SQL Anywhere, SAP IQ and SAP Dynamic Tiering
Product – SAP IQ, Version – 16.1
Product – SAP SQL Anywhere, Version – 17.0
Product – SAP Dynamic Tiering, Version – 1.0, 2.0
CVE ID : CVE-2019-0380
[CVE-2019-0380] Information Disclosure vulnerability in SAP Landscape Management Enterprise
Product – SAP Landscape Management enterprise edition, Version – 3.0
CVE ID : CVE-2019-0379
[CVE-2019-0379] Missing Authentication Check in AS2 Adapter of B2B Add-On for SAP NetWeaver Process Integration
Product – SAP NetWeaver Process Integration (AS2 Adapter), Versions – 1.0, 2.0

Remediation / Fixes :

SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-31869 : APACHE AIRFLOW UP TO 2.8.4 CONFIGURATION UI PAGE INFORMATION DISCLOSURE

CVE-2024-31869 : APACHE AIRFLOW UP TO 2.8.4 CONFIGURATION UI PAGE INFORMATION DISCLOSURE

Description Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via

Learn more
CVE-2024-24856 : LINUX KERNEL UP TO 6.8 ACPI_ALLOCATE_ZEROED NULL POINTER DEREFERENCE

CVE-2024-24856 : LINUX KERNEL UP TO 6.8 ACPI_ALLOCATE_ZEROED NULL POINTER DEREFERENCE

Description The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a successful allocation, but the subsequent code directly dereferences the pointer

Learn more
CVE-2024-2912 : BENTOML FRAMEWORK UP TO 1.2.4 POST REQUEST INSECURE DEFAULT INITIALIZATION OF RESOURCE

CVE-2024-2912 : BENTOML FRAMEWORK UP TO 1.2.4 POST REQUEST INSECURE DEFAULT INITIALIZATION OF RESOURCE

Description An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted

Learn more