TT 脆弱性 Blog

脆弱性情報に関する「個人」の調査・研究のログ

SAP Security Patch Day – August 2020

【概要】

■CVE番号

CVE番号         備考
CVE-2020-6287 Multiple Vulnerabilities in SAP NetWeaver AS JAVA (LM Configuration Wizard)
CVE-2020-6284 Cross-Site Scripting (XSS) vulnerability in SAP Netweaver (Knowledge Management)
CVE-2020-6294 Missing Authentication check in SAP BusinessObjects Business Intelligence Platform
CVE-2020-6298 Missing Authorization check in SAP Banking Services (Generic Market Data)
CVE-2020-6296 Code Injection Vulnerability in SAP NetWeaver (ABAP) and ABAP Platform
CVE-2020-6309 Missing Authentication check in SAP NetWeaver AS JAVA
CVE-2020-6293 Unrestricted File Upload in SAP NetWeaver (Knowledge Management)
CVE-2020-6295 Information Disclosure in SAP Adaptive Server Enterprise
CVE-2020-6297 Information Disclosure in SAP Data Intelligence
CVE-2020-6301 Missing Authorization check in SAP ERP (HCM Travel Management)
CVE-2020-6300 Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform(Central Management Console)
CVE-2020-6273 Missing Authorization check in SAP S/4 HANA (Fiori UI for General Ledger Accounting
CVE-2020-6299 Information Disclosure in SAP NetWeaver (ABAP Server) and ABAP Platform
CVE-2020-6310 Information Disclosure in SAP NetWeaver (ABAP Server) and ABAP Platform


【公式情報】

◆SAP Security Patch Day – August 2020 (SAP, 2020/08/13)
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345


【関連情報】

◆SAP、定例パッチを公開 - 深刻な脆弱性へ対処 (Security NEXT, 2020/08/12)
http://www.security-next.com/117489
https://vul.hatenadiary.com/entry/2020/08/14/000000_1


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 2006 - 2017