【概要】
■CVE番号
CVE番号 | 備考 |
---|---|
CVE-2020-6287 | Multiple Vulnerabilities in SAP NetWeaver AS JAVA (LM Configuration Wizard) |
CVE-2020-6284 | Cross-Site Scripting (XSS) vulnerability in SAP Netweaver (Knowledge Management) |
CVE-2020-6294 | Missing Authentication check in SAP BusinessObjects Business Intelligence Platform |
CVE-2020-6298 | Missing Authorization check in SAP Banking Services (Generic Market Data) |
CVE-2020-6296 | Code Injection Vulnerability in SAP NetWeaver (ABAP) and ABAP Platform |
CVE-2020-6309 | Missing Authentication check in SAP NetWeaver AS JAVA |
CVE-2020-6293 | Unrestricted File Upload in SAP NetWeaver (Knowledge Management) |
CVE-2020-6295 | Information Disclosure in SAP Adaptive Server Enterprise |
CVE-2020-6297 | Information Disclosure in SAP Data Intelligence |
CVE-2020-6301 | Missing Authorization check in SAP ERP (HCM Travel Management) |
CVE-2020-6300 | Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform(Central Management Console) |
CVE-2020-6273 | Missing Authorization check in SAP S/4 HANA (Fiori UI for General Ledger Accounting |
CVE-2020-6299 | Information Disclosure in SAP NetWeaver (ABAP Server) and ABAP Platform |
CVE-2020-6310 | Information Disclosure in SAP NetWeaver (ABAP Server) and ABAP Platform |
【公式情報】
◆SAP Security Patch Day – August 2020 (SAP, 2020/08/13)
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345
【関連情報】
◆SAP、定例パッチを公開 - 深刻な脆弱性へ対処 (Security NEXT, 2020/08/12)
http://www.security-next.com/117489
⇒ https://vul.hatenadiary.com/entry/2020/08/14/000000_1