Skip to Content

This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect his SAP landscape.

On 8th of August 2017, SAP Security Patch Day saw the release of 16 security notes.

List of security notes released on the August Patch Day:

Note# Title Priority CVSS
2486657 Directory Traversal vulnerability in SAP NetWeaver AS Java Web Container High 7.7
2376081 Code Injection vulnerability in Visual Composer 04s iviews High 7.4
2381071 Cross-Site AJAX Requests vulnerability in SAP BusinessObjects High 7.3
2499109 Collisions during UUID generation in SAP NetWeaver Java Server Medium 6.8
2494184 Cross-Site Request Forgery (CSRF) vulnerability in multiple SAP Sybase products Medium 6.3
2450979 SQL Injection vulnerability in SAP CRM WebClient User Interface Medium 6.3
2481262 Cross-Site Scripting (XSS) vulnerability in SAP CRM IPC Pricing Medium 6.1
2425744 Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI Medium 6.1
2417020 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Business Client for HTML Medium 6.1
2493099 Multiple Security Vulnerabilities in SAP SRM Live Auction Application Medium 6.1
2392719 Potential Denial of Service vulnerability in Adobe Document Services Medium 5.3
2428512 Server-Side Request Forgery (SSRF) vulnerability in Web Intelligence BI Launchpad Medium 5
2453642 SQL Injection vulnerability in SAP NetWeaver Medium 4.7
2423540 URL Redirection Vulnerability in SAP NetWeaver Logon Application Medium 4.3
2394536 URL Redirection vulnerability in SAP NetWeaver K.M. Web Page Composer Low 3.5
2463354 Missing Authorization check in the ABAP Workbench tools Low 2.7

________________________________________________________________________________

Security Notes vs Vulnerability Types- August 2017

Security Notes vs Priority Distribution (March 2017 – August 2017)**

* Patch Day Security Notes are all notes that appear under the category of “Patch Day Notes” in SAP Support Portal

** Any Patch Day Security Note released after the second Tuesday, will be accounted for in the following SAP Security Patch Day.

Customers who would like to take a look at all Security Notes that are published or updated after the previous Patch Day see: https://support.sap.com/securitynotes -> All Security Notes -> Filter for notes which have been published after 11th July 2017.

To know more about the security researchers and research companies who have contributed for security patches of this month visit SAP Product Security Response Acknowledgement Page

Do write to us at secure@sap.com with all your comments and feedback on this blog post.

SAP Product Security Response Team

To report this post you need to login first.

Be the first to leave a comment

You must be Logged on to comment or reply to a post.

Leave a Reply