SAP Security Patch Day – December 2019

This post by the SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on the second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that customers visit the Support Portal and apply patches on a priority basis to protect their SAP landscape.

On 10th of December 2019, SAP Security Patch Day saw the release of 5 Security Notes. There are 2 updates to previously released Patch Day Security Notes.

List of security notes released on December Patch Day:



Update to Security Note released on April 2018 Patch Day:
Security updates for the browser control Google Chromium delivered with SAP Business Client
Product - SAP Business Client, Version - 6.5
Priority - Hot News, CVSS - 9.8

[CVE-2019-0402] Information Disclosure in SAP Adaptive Server Enterprise
Product - SAP Adaptive Server Enterprise, Version - 15.7, 16.0

[CVE-2019-0395] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad)
Product - SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), Version - 4.2

Security Note 2798133:
Update to Security Note released on July 2019 Patch Day:
[CVE-2019-0325] Missing Authorization check in SAP ERP HCM
Product - SAP ERP HCM (SAP_HRCES), Version - 3

Security Note 2845183:
[CVE-2019-0405] Multiple Security vulnerabilities in SAP Enable Now release 1911
Additional CVEs - CVE-2019-0403, CVE-2019-0404
Product - SAP Enable Now, Versions - 1911

[CVE-2019-0399] Potential Information Disclosure in SAP Portfolio and Project Management
Product - SAP Portfolio and Project Management, Versions - S4CORE 102, 103, EPPM 100, CPRXRPM 500_702, 600_740, 610_740

[CVE-2019-0398] Cross-Site Request Forgery (CSRF) vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring application)
Product - SAP BusinessObjects Business Intelligence Platform (Monitoring Application), Versions - 4.1, 4.2, 4.3



Security Notes vs Vulnerability Types# - December 2019

# One security note can fix multiple vulnerabilities on the same product

Security Notes vs Priority Distribution (July 2019 – December 2019)**

* Patch Day Security Notes are all notes that appear under the category of “Patch Day Notes” in the SAP Support Portal.

** Any Patch Day Security Note released after the second Tuesday will be accounted for in the following SAP Security Patch Day.

Customers who would like to take a look at all Security Notes published or updated after November 12, 2019, can go to Launchpad Expert Search → Filter 'SAP Security Notes' released between 'November 13, 2019 - December 10, 2019' → Go.

To know more about the security researchers and research companies who have contributed to this month's security patches, visit the SAP Product Security Response Acknowledgement Page.

Do write to us at with all your comments and feedback on this blog post.

SAP Product Security Response Team
