Security News > 2020 > April > SAP's April 2020 Security Updates Patch Five Critical Vulnerabilities
SAP this week released its latest set of security patches, which brings a total of 23 Security Notes, including five that address Hot News vulnerabilities.
Another Hot News Security Note released as part of the April 2020 SAP Security Patch Day addresses a directory traversal vulnerability in SAP NetWeaver.
The fifth Security Note released on the April 2020 Security Patch Day is an update to a patch released on the November 2019 Patch Day, which addresses an OS command injection vulnerability in SAP Diagnostics Agent.
A total of five High Priority Security Notes were released as part of the April 2020 Patch Day, the most important of which is a missing authentication check in SAP Solution Manager.
The fifth High Priority patch is an update for a Security Note released on the March 2020 Patch Day, addressing a remote code execution bug in Business Objects Business Intelligence Platform, tracked as CVE-2020-6208 and featuring a CVSS score of 8.1.
News URL
Related news
- Food security: Accelerating national protections around critical infrastructure (source)
- You probably want to patch this critical GitHub Enterprise Server bug now (source)
- GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges (source)
- SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access (source)
- Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability (source)
- Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues (source)
- Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress (source)
- SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation (source)
- Week in review: Vulnerability allows Yubico security keys cloning, Patch Tuesday forecast (source)
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-10 | CVE-2020-6208 | Code Injection vulnerability in SAP Crystal Reports 4.1/4.2 SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. | 4.4 |