Critical Access Control Vulnerability Patched in SAP Marketing
2020-09-09 11:22

Two of the Security Notes are rated Hot News and address critical flaws in SAP Marketing (Mobile Channel Servlet) and in NetWeaver and ABAP Platform, with CVSS scores of 9.6 and 9.1, respectively.

"An exploit of the vulnerability enables an attacker to perform tasks related to contact and interaction data," Onapsis, a firm that specializes in securing Oracle and SAP applications, explains.

SAP updated two other Hot News Security Notes, one addressing a missing authorization check in Solution Manager, and another that deals with security updates for the Chromium browser in Business Client.

Two other updated Security Notes deal with high-severity vulnerabilities, namely a code injection in NetWeaver and ABAP Platform, and a server-side request forgery in NetWeaver AS ABAP.

"Three of the six HotNews and High Priority notes only contain more or less negligible update information that does not require customer action. The two HotNews notes #2961991 and #2958563 only affect a small number of SAP customers. That gives enough time to check the status of all relevant security patches in your SAP systems," Onapsis notes.

This week, SAP released updates for two medium-priority bugs: one addressing cross-site scripting vulnerabilities in the modified jQuery bundled with SAPUI5 and another patching a server-side request forgery in NetWeaver AS JAVA. SAP also announced a low-priority Security Note that patches an information disclosure vulnerability in Adaptive Server Enterprise.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/sRzTbdAVa4Q/critical-access-control-vulnerability-patched-sap-marketing

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
SAP 384 110 936 248 94 1388