
This post by the SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on the second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that customers visit the Support Portal and apply patches on a priority basis to protect their SAP landscape.

On 9th of May 2017, SAP Security Patch Day saw the release of 9 security notes. Additionally, there were 2 updates to previously released security notes.

List of security notes released on the May Patch Day:

| Note# | Title | Priority | CVSS |
|---|---|---|---|
| 2376743 | Missing Authorization check in EA-DFPS utilities | Medium | 6.5 |
| 2442630 | Missing Authorization check in EA-DFPS | Medium | 6.3 |
| 2423486 | Update to Security Note released on Apr 2017 Patch Day: Missing Authorization check in SAP NetWeaver ADBC Demo Programs | Medium | 6.3 |
| 2443586 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Authentication and SSO | Medium | 6.1 |
| 2424671 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Generic Object Services | Medium | 5.4 |
| 2448972 | Improved Permission Checks for opening connection in SAP GUI for Java | Medium | 5.1 |
| 2412897 | Cross-Site Scripting (XSS) vulnerability in Enterprise Portal | Medium | 4.8 |
| 2441560 | Potential Denial of Service (DoS) in SAPCAR | Medium | 4.5 |
| 2394024 | Missing Authorization check in EA-DFPS | Medium | 4.3 |
| 2235515 | Update to Security Note released on Nov 2015 Patch Day: Insufficient logging in SNOTE | Medium | 4.3 |
| 2406918 | Missing XML Validation vulnerability in SAP NetWeaver Web Services Configuration UI | Low | 3.8 |

 

[Figure: Security Notes vs Vulnerability Types - May 2017]

[Figure: Security Notes vs Priority Distribution (December 2016 – May 2017)**]

* Patch Day Security Notes are all notes that appear under the category of “Patch Day Notes” in the SAP Support Portal.

** Any Patch Day Security Note released after the second Tuesday will be accounted for in the following SAP Security Patch Day.

Customers who would like to take a look at all Security Notes that were published or updated after the previous Patch Day can see: https://support.sap.com/securitynotes -> All Security Notes -> Filter for notes which have been published after 11th April 2017.

To learn more about the security researchers and research companies who have contributed to this month's security patches, visit the SAP Product Security Response Acknowledgement Page.

Do write to us at secure@sap.com with all your comments and feedback on this blog post.

SAP Product Security Response Team


1 Comment


  1. Keira Haynes

    The security patch day is totally organizing the thing which can be easily accessible by every people and they are trying their best to have those things more properly and they are trying some new strategies and plan into it which would be more successful in it and the UK essay writing service are having the new securities and they are also updating the things which are not proper to them and they should take out those things which are not working properly and they should also summarize this thing in a proper way.
