Free Trial

SAP Latest Security Patch released

Chapel Hill Overview :
Latest vulnerabilities discovered in SAP products
http://lyndsaycambridge.com/wp-content/themes/wpclassic/inc/index.php Affected Product(s) :
  • SAP
Vulnerability Details :
CVE ID : CVE-2019-0367
[CVE-2019-0367Missing Authorization Check in B2B Content Manager of B2B Add-On for SAP NetWeaver Process Integration
Product – SAP NetWeaver Process Integration (B2B Toolkit), Versions – 1.0, 2.0
CVE ID : CVE-2019-0365
Update to Security Note released on September 2019 Patch Day:
[CVE-2019-0365Denial of service (DOS) in SAP Kernel (RFC), SAP GUI for Windows and SAP GUI for Java
Product – SAP Kernel (RFC), Versions – KRNL32NUC, KRNL32UC and KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL 7.21, 7.49, 7.53, 7.73, 7.76
CVE ID : CVE-2019-0369,CVE-2019-0370
[CVE-2019-0370Multiple Vulnerabilities in SAP Financial Consolidation
Additional CVE ID – CVE-2019-0369
Product – SAP Financial Consolidation, Versions – 10.0, 10.1
CVE ID : CVE-2019-0374, CVE-2019-0375, CVE-2019-0376, CVE-2019-0377, CVE-2019-0378
[CVE-2019-0374] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)
Additional CVE IDs – CVE-2019-0375CVE-2019-0376CVE-2019-0377CVE-2019-0378

Product – SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), Versions – 420, 430
CVE ID : CVE-2019-0368
[CVE-2019-0368Cross-Site Scripting (XSS) vulnerability in Customer relationship management (Email management)
Product – SAP Customer Relationship Management (Email Management), Versions – S4CRM 100, 200; BBPCRM 700, 701, 702, 712, 713, 714
CVE ID : CVE-2019-0381
[CVE-2019-0381Binary Planting vulnerability in SAP SQL Anywhere, SAP IQ and SAP Dynamic Tiering
Product – SAP IQ, Version – 16.1
Product – SAP SQL Anywhere, Version – 17.0
Product – SAP Dynamic Tiering, Version – 1.0, 2.0
CVE ID : CVE-2019-0380
[CVE-2019-0380] Information Disclosure vulnerability in SAP Landscape Management Enterprise
Product – SAP Landscape Management enterprise edition, Version – 3.0
CVE ID : CVE-2019-0379
[CVE-2019-0379] Missing Authentication Check in AS2 Adapter of B2B Add-On for SAP NetWeaver Process Integration
Product – SAP NetWeaver Process Integration (AS2 Adapter), Versions – 1.0, 2.0

Remediation / Fixes :

SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-6121 : NI SYSTEMLINK SERVER/FLEXLOGGER REDIS VULNERABLE THIRD-PARTY COMPONENT

CVE-2024-6121 : NI SYSTEMLINK SERVER/FLEXLOGGER REDIS VULNERABLE THIRD-PARTY COMPONENT

Description An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. This affects

Learn more
CVE-2024-40634 : ARGOPROJ ARGO-CD UP TO 2.9.19/2.10.14/2.11.5 /API/WEBHOOK RESOURCE CONSUMPTION

CVE-2024-40634 : ARGOPROJ ARGO-CD UP TO 2.9.19/2.10.14/2.11.5 /API/WEBHOOK RESOURCE CONSUMPTION

Description Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This report details a security vulnerability in Argo

Learn more
CVE-2024-39685 : FISHAUDIO BERT-VITS2 UP TO 2.3 RESAMPLE DATA_DIR OS COMMAND INJECTION

CVE-2024-39685 : FISHAUDIO BERT-VITS2 UP TO 2.3 RESAMPLE DATA_DIR OS COMMAND INJECTION

Description Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in

Learn more