Monthly Security bulletin: Critical issues closed in January

The following SAP Security Notes can patch the most severe vulnerabilities of this update:

  • 2696233: SAP Cloud Connector has several vulnerabilities (CVSS Base Score: 9.3 CVE-2019-0246CVE-2019-0247). An attacker can use a missing authentication vulnerability to get access to service and read, modify or delete information. In addition, he or she could use administrative or privileged functionalities.
    The attacker can also use an OS command execution vulnerability for unauthorized execution of operating system commands. Executed commands will run with same privileges of the service that executed a command. The hacker can access arbitrary files and directories located in an SAP server filesystem including application source code, configuration, and critical system files. It allows obtaining critical technical and business-related information stored in a vulnerable SAP system.
    Install this SAP Security Note to prevent the risks.
  • 2727624: SAP Landscape Management has an Information Disclosure vulnerability (CVSS Base Score: 9.1 CVE-2019-0249). An attacker can use an Information disclosure vulnerability to reveal additional information (e.g., system data, debugging information, etc.) which will help to explore the system and plan other attacks.
    Install this SAP Security Note to prevent the risks.
  • 2724788: Adobe PDF Print Library has multiple vulnerabilities (CVSS Base Score: 7.3). Depending on a vulnerability, an implementation flaw can result in unpredictable behavior, isuues related to system stability and safety. Patches correct configuration errors, add new functionality and improve system stability.
    Install this SAP Security Note to prevent the risks.

Leave a Reply

Your email address will not be published. Required fields are marked *