Tuesday, October 20, 22:27

SAP Marketing fixes critical vulnerabilities

SAP released ten new security notes this week as part of its September 2020 Security Patch Day, along with updates to 6 previous security notes.


Two of the updates address critical bugs in SAP Marketing's Mobile Channel Servlet (CVE-2020-6320, improper access control) and in NetWeaver (ABAP Server) and ABAP Platform (CVE-2020-6318, code injection), rated CVSS 9.6 and 9.1, respectively.

Mobile Channel Servlet is used to create mobile app campaigns, in which push notifications are sent to Android and iOS devices via Google Firebase. The critical flaw addressed this week allowed an attacker to gain access to restricted functions.

"An exploitation of the vulnerability allows an attacker to perform tasks related to contact and interaction data," explains Onapsis, a company specializing in Oracle and SAP application security.

The code injection flaw in NetWeaver could allow an attacker to take full control of the application. The attacker could view, change, or delete data through code injected into memory and executed by the application, or could cause the application to terminate.

SAP has fixed two other bugs: one is a missing authorization check in Solution Manager (CVE-2020-6207, CVSS rating of 10), and the other is covered by security updates for the Chromium browser in Business Client (CVSS score of 9.8).

Two other security updates deal with high-severity vulnerabilities, namely code injection in NetWeaver (ABAP) and the ABAP Platform (CVE-2020-6296) and server-side request forgery in NetWeaver AS ABAP (CVE-2020-6275).

Five security notes released this week address moderate vulnerabilities in Bank Analyzer and S/4HANA Financial Products (CVE-2020-6311), Commerce (CVE-2020-6302), NetWeaver AS ABAP (CVE-2020-6324), NetWeaver AS Java (CVE-2020-6326) and Fiori (Launchpad) (CVE-2020-6283).

Two other updates address multiple vulnerabilities in the BusinessObjects Business Intelligence Platform (CVE-2020-6325, CVE-2020-6312 and CVE-2020-6288) and the 3D Visual Enterprise Viewer (38 CVEs).

This week, SAP also released updates for two moderate flaws: one addresses cross-site scripting (XSS) vulnerabilities in modified jQuery compatible with SAPUI5 (CVE-2020-11022, CVE-2020-11023) and the other addresses server-side request forgery in NetWeaver AS JAVA (CVE-2020-6282).

SAP also announced a low-severity security update that fixes an information leak vulnerability in Adaptive Server Enterprise (CVE-2020-6317).



Absent Mia

