Security News > 2020 > November > SAP Patches Several Critical Vulnerabilities With November 2020 Security Updates
SAP's security updates for November 2020 patch several critical vulnerabilities affecting the company's Solution Manager, Data Services, ABAP, S4/HANA, and NetWeaver products.
One of the hot news patches resolves a total of four vulnerabilities related to missing authentication checks in SolMan, which provides a central management interface for SAP and non-SAP systems.
Another hot news patch addresses two vulnerabilities in SAP Data Services.
A code injection vulnerability affecting SAP AS ABAP and S/4 HANA and a privilege escalation issue in SAP NetWeaver Application Server for Java have also been rated hot news.
Three of the new patches address high-severity vulnerabilities, including server-side request forgery and reflected cross-site scripting issues in SAP Fiori Launchpad, an information disclosure issue in SAP Commerce Cloud, and DoS and SSRF bugs in Commerce Cloud.
News URL
Related news
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing (source)
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)
- Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Critical vulnerabilities persist in high-risk sectors (source)
- Major security audit of critical FreeBSD components now available (source)
- Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package (source)