Software manufacturer SAP has three critical weaknesses to Patchday NetWeaver Application Server for Java, from BusinessObjects BI platform and business warehouse removed. In addition, eliminate updates for the SAP Solution Manager, NetWeaver AS ABAP and SAP S4 HANA Two vulnerabilities with "High"-classification.
Fixes for five "medium"- and a "Low"-Lucke and updates for safety instructions. Fruher patchdays complete the security update publications for December. SAPS Advisory to Security Patchday summarizes as always updates.
Overview of the critical light
At the three as critical (SAP internal designation "Hot News") Rated leches are missing authentication conversions and XML validation mechanisms as well as the possibility of a code injection. Specifically, you will find the following software versions:
- CVE-2020-26829 (CVSS 10): NetWeaver AS Java (P2P Cluster Communication) 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
- CVE-2020-26831 (CVSS 9.6): SAP BusinessObjects BI (Crystal Report) 4.1, 4.2, 4.3
- CVE-2020-26838 (CVSS 9.1): SAP Business Warehouse 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782; SAP BW4HANA 100, 200
Further information, also available updates, are SAPs Advisory and the Security Notes linked to it in the password-deprived support area.