SAP Security Patch Day – October 2020: fix multi security vulnerabilities

by ddos ·

On October 13, 2020, SAP officially released a risk notice for the October security update. In this update, SAP has fixed a total of 20 security vulnerabilities (including 2 serious vulnerabilities and 6 high-risk vulnerabilities).

Vulnerability Detail

  • [CVE-2020-6364OS Command Injection Vulnerability in CA Introscope Enterprise Manager (Affected Products: SAP Solution Manager and SAP Focused Run)
    Product – SAP Solution Manager (CA Introscope Enterprise Manager) and SAP Focused Run (CA Introscope Enterprise Manager), Versions – WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7
  • Update to security note released on August 2020 Patch Day:
    [CVE-2020-6296Code Injection Vulnerability in SAP NetWeaver (ABAP) and ABAP Platform
    Product – SAP NetWeaver (ABAP Server) and ABAP Platform; Versions – 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755 
  • Update to security note released on April 2018 Patch Day:
    Security updates for the browser control Google Chromium delivered with SAP Business Client
    Product – SAP Business Client, Version – 6.5

Solution

In this regard, we recommend that users upgrade SAP products to the latest version in time.

Tags: SAP Security Patch October 2020