Critical Access Control Vulnerability Patched in SAP Marketing
Two of the Security Notes are rated Hot News and address critical flaws in SAP Marketing - Mobile Channel Servlet and NetWeaver and ABAP Platform, which feature CVSS scores of 9.6 and 9.1, respectively.
"An exploit of the vulnerability enables an attacker to perform tasks related to contact and interaction data," Onapsis, a firm that specializes in securing Oracle and SAP applications, explains.
SAP updated two other Hot News Security Notes, one addressing a missing authorization check in Solution Manager, and another that deals with security updates for the Chromium browser in Business Client.
Two other updated Security Notes deal with high-severity vulnerabilities, namely a code injection in NetWeaver and ABAP Platform, and a server-side request forgery in NetWeaver AS ABAP. "Three of the six HotNews and High Priority notes only contain more or less negligible update information that does not require customer action. The two HotNews notes #2961991 and #2958563 only affect a small number of SAP customers. That gives enough time to check the status of all relevant security patches in your SAP systems," Onapsis notes.
This week, SAP released updates for two medium-priority bugs: one addressing cross-site scripting vulnerabilities in the modified jQuery bundled with SAPUI5 and another patching a server-side request forgery in NetWeaver AS JAVA. SAP also announced a low-priority Security Note that patches an information disclosure vulnerability in Adaptive Server Enterprise.