SAP has released security patches to address multiple vulnerabilities in their Business Client, Commerce, and NetWeaver products.
A few of the vulnerabilities have been classified as critical in severity and require the immediate attention of the administrator of the affected SAP products. They are listed in the table below.
||Security updates for the browser control Google Chromium delivered with SAP Business Client
||Remote Code Execution vulnerability in Source Rules of SAP Commerce
||Missing Authorisation Check in SAP NetWeaver AS for JAVA (Migration Service)
||Information disclosure in SAP NetWeaver Master Data Management
||Information disclosure in SAP Solution Manager
||Missing authorisation check in SAP NetWeaver AS ABAP and SAP S4 HANA (SAP Landscape Transformation)
||Unquoted search path in SAPSetup
||Information disclosure in SAP NetWeaver AS for Java (Telnet Commands)
For the full list of security patches released by SAP, please refer to https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649