SAP Security Notes Review: June 2019

SAP’s security patch day for June 2019 has seen the release of 12 SAP security notes with only one High and no critical CVSS v3.0 Rating.

 

Four security notes in June 2019 refer to NetWeaver PI. Two have been released for Solution Manager 7.2. In addition to that, another two have been released for SAP Business Objects and Inventory Manager. The others are spread across a range of products including SAP HANA XS and CRM.

 

Critical and High Vulnerabilities: June 2019 Highlights

 

SAP Solution Manager 7.2

 

One high rated vulnerability has been identified and corrected in SAP Solution Manager 7.2.

This sap note SAP Note 2748699 fixes insufficient protection of files containing user and password information.

 

Other Vulnerabilities

 

There are further medium vulnerabilities affecting SAP NetWeaver AS ABAP and NetWeaver PI which will affect a broad range of customers using almost any current ABAP based SAP product – these cover a broad range of SAP Kernels and a common software component. Probably worth checking these for your organisation!

 

About this review

 

On the second Tuesday of each month, SAP release security updates to their software products.  At Absoft, we analyse all of the released security updates and produce this security review, including sending bespoke recommendations for each of our managed service customers. 

 

There is more information on how we handle SAP security updates, including information on SAP’s process, the CVE process and the CVSS base scores in our earlier article on addressing security vulnerabilities in SAP software.