SAP Security Patch Day – October 2020: fix multi security vulnerabilities
On October 13, 2020, SAP officially released a risk notice for the October security update. In this update, SAP has fixed a total of 20 security vulnerabilities (including 2 serious vulnerabilities and 6 high-risk vulnerabilities).
Vulnerability Detail
- [CVE-2020-6364] OS Command Injection Vulnerability in CA Introscope Enterprise Manager (Affected Products: SAP Solution Manager and SAP Focused Run)
Product – SAP Solution Manager (CA Introscope Enterprise Manager) and SAP Focused Run (CA Introscope Enterprise Manager), Versions – WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7- Update to security note released on August 2020 Patch Day:
[CVE-2020-6296] Code Injection Vulnerability in SAP NetWeaver (ABAP) and ABAP Platform
Product – SAP NetWeaver (ABAP Server) and ABAP Platform; Versions – 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755- Update to security note released on April 2018 Patch Day:
Security updates for the browser control Google Chromium delivered with SAP Business Client
Product – SAP Business Client, Version – 6.5
Solution
In this regard, we recommend that users upgrade SAP products to the latest version in time.