- January 14, 2019
- Posted by: admin
11 patches ship on Patch Tuesday
While you were sighing your way through Microsoft’s Patch Tuesday, enterprise vendor SAP slid 11 security advisories under your door.
Top of the list is a depressingly familiar howler in SAP Cloud Connector before version 2.11.3: the software neglects authentication checks for functions that require user identity (CVE-2019-0246). A related bug in the same Cloud Connector versions, CVE-2019-0247, can be exploited to achieve remote code injection.
The German titan’s systems management environment, SAP Landscape Management, is also on the critical list thanks to a sketchily described information disclosure bug, CVE-2019-0249.
Two other products suffered authentication slip-ups. The company’s BW/4HANA data warehouse (CVE-2019-0243) and SAP Enterprise Financial Services (CVE-2018-2484) both have authentication blunders that can result in privilege escalation.
SAP Financial Consolidation Cube Designer could reveal password hashes (CVE-2018-2499), and the ABAP application server had an undefined information disclosure bug (CVE-2019-0248).
There are two denial-of-service bugs in the list: one in the company’s Work and Inventory Manager (CVE-2019-0241), the other via crafted malicious links in Business Objects for Android (CVE-2019-0240).
Finally, there’s one cross-site scripting bug patched in SAP Commerce (CVE-2019-0238) and two in the company’s CRM Web Client UI (CVE-2019-0244 and CVE-2019-0245).
Article Credit: The Register
The post Make a SAP decision: Apply these security fixes if you’re using German giant’s software appeared first on erpinnews.