SAP has released security patches to address several vulnerabilities in their products. They are listed in the table below.
A few of the vulnerabilities have been classified as high in severity. Administrators of affected products are advised to prioritise the patching of these vulnerabilities.
- Unrestricted File Upload vulnerability in SAP Business One
- Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure (Component Build Service)
- SQL Injection vulnerability in SAP NZDT Row Count Reconciliation
- Server-Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Enterprise Portal
- Missing Authentication check in SAP Business One
- Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Notification Service)
- Multiple Vulnerabilities in SAP Cloud Connector
- Missing Authorisation Check in SAP Business One (Service Layer)
- Missing Authorisation check in SAP NetWeaver AS ABAP and ABAP Platform
- Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Crystal Report)
- Reverse Tabnabbing in SAP BusinessObjects Business Intelligence Platform (SAP UI5)
For the full list of security patches released by SAP, please refer to: