Overview :
Latest vulnerabilities discovered in SAP products
Affected Product(s) :
  • SAP
Vulnerability Details :
CVE ID :CVE-2019-0367
[CVE-2019-0367Missing Authorization Check in B2B Content Manager of B2B Add-On for SAP NetWeaver Process Integration
Product – SAP NetWeaver Process Integration (B2B Toolkit), Versions – 1.0, 2.0
CVE ID :CVE-2019-0365
Update to Security Note released on September 2019 Patch Day:
[CVE-2019-0365Denial of service (DOS) in SAP Kernel (RFC), SAP GUI for Windows and SAP GUI for Java
Product – SAP Kernel (RFC), Versions – KRNL32NUC, KRNL32UC and KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL 7.21, 7.49, 7.53, 7.73, 7.76
CVE ID :CVE-2019-0369,CVE-2019-0370
[CVE-2019-0370Multiple Vulnerabilities in SAP Financial Consolidation
Additional CVE ID – CVE-2019-0369
Product – SAP Financial Consolidation, Versions – 10.0, 10.1
CVE ID :CVE-2019-0374, CVE-2019-0375, CVE-2019-0376, CVE-2019-0377, CVE-2019-0378
[CVE-2019-0374] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)
Additional CVE IDs – CVE-2019-0375CVE-2019-0376CVE-2019-0377CVE-2019-0378

Product – SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), Versions – 420, 430

CVE ID :CVE-2019-0368
[CVE-2019-0368Cross-Site Scripting (XSS) vulnerability in Customer relationship management (Email management)
Product – SAP Customer Relationship Management (Email Management), Versions – S4CRM 100, 200; BBPCRM 700, 701, 702, 712, 713, 714
CVE ID :CVE-2019-0381
[CVE-2019-0381Binary Planting vulnerability in SAP SQL Anywhere, SAP IQ and SAP Dynamic Tiering
Product – SAP IQ, Version – 16.1
Product – SAP SQL Anywhere, Version – 17.0
Product – SAP Dynamic Tiering, Version – 1.0, 2.0
CVE ID :CVE-2019-0380
[CVE-2019-0380] Information Disclosure vulnerability in SAP Landscape Management Enterprise
Product – SAP Landscape Management enterprise edition, Version – 3.0
CVE ID :CVE-2019-0379
[CVE-2019-0379] Missing Authentication Check in AS2 Adapter of B2B Add-On for SAP NetWeaver Process Integration
Product – SAP NetWeaver Process Integration (AS2 Adapter), Versions – 1.0, 2.0

Remediation / Fixes :

SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape.