loader gif

SAP Patches Multiple Missing Authorization Checks

SAP Patches Multiple Missing Authorization Checks (Malware and Vulnerabilities)

SAP this week released of 8 Security Notes as part of its SAP Security Patch Day for May 2019, which also included 5 updates to previously released Notes. Five of the Security Notes addressed missing authorization checks in SAP products such as Treasury and Risk Management, Solution Manager and ABAP managed systems, dbpool administration, and Enterprise Financial Services. One of the Security Notes released this month has a priority rating of High, while the remaining 12 are rated Medium, SAP notes in an advisory. Next in line are CVE-2019-0287 (CVSS score 6.3 - information disclosure in BusinessObjects), CVE-2019-0280 (CVSS score 6.3 - missing authorization check in Treasury and Risk Management), CVE-2019-0298 (CVSS score 6.1 - Cross-Site Scripting (XSS) in E-Commerce (Business-to-Consumer) application), and CVE-2019-0289 (CVSS score 5.4 - information disclosure in BusinessObjects).

loader gif