SAP SE has released a patch set that addresses 11 vulnerabilities in nine products. One of the new problems is rated high severity; the rest are rated moderate.
The developers have also updated the bulletins for critical vulnerabilities in the Business Client and SolMan Diagnostics Agent programs. The Business Client is based on Chromium, and SAP adjusts the initial patch with each new release of this browser.
“The ability to inject commands into the Diagnostics Agent application (CVE-2019-0330) was first closed in July, but further exploration of this hole generated several more attack scenarios, and the patch was fixed every time,” SAP SE reports in the update bulletin.
The latest update to the bulletin says that the new version of the patch is the most comprehensive.
Of the recently discovered vulnerabilities, the most dangerous is CVE-2019-0396 (7.1 points on the CVSS scale). It is caused by incorrect filtering of the content of XML documents in the web interface of the BusinessObjects Business Intelligence (BI) administration platform.
“Such an error can lead to the disclosure of important information or a complete failure of the system,” reported the Onapsis security researchers who discovered the vulnerability.
The remaining problems received from 4.3 to 6.5 CVSS points. Broken down by vulnerability type, the SAP list is as follows:
- cross-site scripting in BusinessObjects BI and the SAP Enable Now training platform;
- lack of access control in ERP Sales, SAP S/4HANA Sales and Treasury and Risk Management applications;
- privilege escalation in the NetWeaver AS Java application server;
- SQL injection in the Quality Management application;
- content spoofing in the HTTP request handler of the commercial JavaScript framework UI5;
- disclosure of information in the distributed data management software Data Hub and the NetWeaver AS Java server (in the latter case, according to Onapsis, the problem is caused by the lack of access control at the eCATT service level).