Security News > 2020 > November > SAP Patches Several Critical Vulnerabilities With November 2020 Security Updates
SAP's security updates for November 2020 patch several critical vulnerabilities affecting the company's Solution Manager, Data Services, ABAP, S4/HANA, and NetWeaver products.
One of the hot news patches resolves a total of four vulnerabilities related to missing authentication checks in SolMan, which provides a central management interface for SAP and non-SAP systems.
Another hot news patch addresses two vulnerabilities in SAP Data Services.
A code injection vulnerability affecting SAP AS ABAP and S/4 HANA and a privilege escalation issue in SAP NetWeaver Application Server for Java have also been rated hot news.
Three of the new patches address high-severity vulnerabilities, including server-side request forgery and reflected cross-site scripting issues in SAP Fiori Launchpad, an information disclosure issue in SAP Commerce Cloud, and DoS and SSRF bugs in Commerce Cloud.
News URL
Related news
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
- GitLab patches critical authentication bypass vulnerabilities (source)
- Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- OpenAI now pays researchers $100,000 for critical vulnerabilities (source)
- Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered (source)
- New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework (source)
- SAP fixes critical Netweaver flaw exploited in attacks (source)
- Most critical vulnerabilities aren’t worth your attention (source)
- Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324) (source)