SAP's April 2020 Security Updates Patch Five Critical Vulnerabilities
SAP this week released its latest set of security patches, which brings a total of 23 Security Notes, including five that address Hot News vulnerabilities.
Another Hot News Security Note released as part of the April 2020 SAP Security Patch Day addresses a directory traversal vulnerability in SAP NetWeaver.
The fifth Security Note released on the April 2020 Security Patch Day is an update to a patch released on the November 2019 Patch Day, which addresses an OS command injection vulnerability in SAP Diagnostics Agent.
A total of five High Priority Security Notes were released as part of the April 2020 Patch Day, the most important of which is a missing authentication check in SAP Solution Manager.
The fifth High Priority patch is an update for a Security Note released on the March 2020 Patch Day, addressing a remote code execution bug in Business Objects Business Intelligence Platform, tracked as CVE-2020-6208 and featuring a CVSS score of 8.1.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-10 | CVE-2020-6208 | Use After Free vulnerability in SAP Crystal Reports 4.1/4.2 SAP Business Objects Business Intelligence Platform (Crystal Reports), versions 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. | 8.2 |