This post by the SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on the second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that customers visit the Support Portal and apply patches on a priority basis to protect their SAP landscape.

On the 13th of August 2019, SAP Security Patch Day saw the release of 12 Security Notes. There is also 1 update to a previously released Patch Day Security Note.

List of security notes released on August Patch Day:

 

| Note# | Title | Priority | CVSS |
|---|---|---|---|
| 2800779 | [CVE-2019-0351] Remote Code Execution (RCE) in SAP NetWeaver UDDI Server (Services Registry)<br>Product - SAP NetWeaver UDDI Server (Services Registry); Versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 | Hot News | 9.9 |
| 2622660 | Update to Security Note released on April 2018 Patch Day: Security updates for the browser control Google Chromium delivered with SAP Business Client<br>Product - SAP Business Client, Version - 6.5 | Hot News | 9.8 |
| 2786035 | [CVE-2019-0344] Code Injection vulnerabilities in SAP Commerce Cloud (mediaconversion and virtualjdbc extension)<br>Additional CVE ID - CVE-2019-0343<br>Product - SAP Commerce Cloud (virtualjdbc extension), Versions - 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905<br>Product - SAP Commerce Cloud (Mediaconversion Extension), Versions - 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905 | Hot News | 9 |
| 2813811 | [CVE-2019-0345] Server-Side Request Forgery in SAP NetWeaver Application Server for Java (Administrator System Overview)<br>Product - SAP NetWeaver Application Server for Java (Administrator System Overview), Versions - 7.30, 7.31, 7.40, 7.50 | Hot News | 9 |
| 2798243 | [CVE-2019-0350] Denial of service (DOS) in SAP HANA database<br>Product - SAP HANA Database, Versions - 1.0, 2.0 | High | 7.5 |
| 2798743 | [CVE-2019-0349] Missing Authorization check in SAP Kernel (ABAP Debugger)<br>Product - SAP Kernel (ABAP Debugger), Versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77 | High | 7.2 |
| 2764513 | [CVE-2019-0333] Information Disclosure in SAP Business Objects Business Intelligence Platform (Web Intelligence and CMC)<br>Additional CVE ID - CVE-2019-0346<br>Product - SAP Business Objects Business Intelligence Platform (Web Intelligence), Version - 4.2<br>Product - SAP Business Objects Business Intelligence Platform (CMC), Version - 4.2 | Medium | 6.5 |
| 2794742 | [CVE-2019-0340] Multiple Security Vulnerabilities in SAP Enable Now<br>Additional CVE IDs - CVE-2019-0341<br>Product - SAP Enable Now, Version - 1902 | Medium | 6.4 |
| 2789866 | [CVE-2019-0337] Cross-Site Scripting (XSS) vulnerability in Java Proxy Runtime of SAP NetWeaver Process Integration<br>Product - SAP NetWeaver Process Integration (Java Proxy Runtime), Versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50 | Medium | 6.1 |
| 2771221 | [CVE-2019-0334] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (BI Workspace)<br>Product - SAP BusinessObjects Business Intelligence Platform (BI Workspace), Versions - 4.1, 4.2, 4.3 | Medium | 5.4 |
| 2793351 | [CVE-2019-0338] Information Disclosure in SAP Gateway<br>Product - SAP Gateway, Versions - 750, 751, 752, 753 | Medium | 5.3 |
| 2742468 | [CVE-2019-0331] Multiple vulnerabilities In SAP BusinessObjects Business Intelligence Platform (BI Workspace, Infoview and CMC)<br>Additional CVE IDs - CVE-2019-0332, CVE-2019-0335<br>Product - SAP BusinessObjects Business Intelligence Platform (BI Workspace), Versions - 4.1, 4.2, 4.3<br>Product - SAP BusinessObjects Business Intelligence Platform (Info View), Versions - 4.1, 4.2, 4.3<br>Product - SAP BusinessObjects Business Intelligence Platform (Web Intelligence), Versions - 4.1, 4.2, 4.3 | Medium | 5.3 |
| 2751470 | [CVE-2019-0348] Encryption not enforced in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)<br>Product - SAP Business Objects Business Intelligence Platform (Web Intelligence), Versions - 4.1, 4.2 | Low | 3.5 |

 

________________________________________________________________________________

Security Notes vs Vulnerability Types - August 2019

 


Security Notes vs Priority Distribution (March 2019 – August 2019)**

* Patch Day Security Notes are all notes that appear under the category of “Patch Day Notes” in the SAP Support Portal.

** Any Patch Day Security Note released after the second Tuesday will be accounted for in the following SAP Security Patch Day.

Customers who would like to take a look at all Security Notes published or updated after July 9, 2019 can go to Launchpad Expert Search → Filter 'SAP Security Notes' released between 'July 10, 2019 - August 13, 2019' → Go.

To learn more about the security researchers and research companies who have contributed to this month's security patches, visit the SAP Product Security Response Acknowledgement Page.

Do write to us at secure@sap.com with all your comments and feedback on this blog post.

SAP Product Security Response Team
