Applexus Technologies Logo
Absoft, now part of Applexus
Learn more about Applexus
Click here to learn more about Applexus
Absoft blog

SAP Security Notes Review: March 2019

SAP Support
SAP Technical Services
SAP Managed Service
Blog Post
SAP Application Support
SAP Notes

Share This Post

SAP’s security patch day for March 2019 has seen the release of 12 SAP security notes covering 12 vulnerabilities, with one Critical and two High CVSS v3.0 Rating.

SAP Security notes by CVSS v3 Base Score

Two security notes in March 2019 refer to BusinessObjects products, four in NetWeaver AS ABAP.  The others are spread across products, with one of each affecting HANA XS, SAP Plant Connectivity, SAP Mobile Platform SDK, SAP Work Manager and SAP Inventory Manager, NetWeaver AS Java, and SAP Business Client.

SAP-Security-notes-by-product-category-March-2019

 

Critical and High Vulnerabilities: February 2019 Highlights

SAP NetWeaver AS Java

The one likely to affect the most customers with a Java stack is SAP Note 2689925  which fixes CVE-2019-0265 relating to a cross-site scripting (XSS) vulnerability in a Java demo application, and requires a patch to the specific Java software component to fix.

 

SAP HANA XS

One high rated vulnerability has been identified and corrected in SAP HANA XS this month.  SAP Note 2764283  fixes CVE-2019-0277 which allows developers privileged access into the SAP space which they should not be authorised.  SAP HANA XS is deployed with SAP HANA and is the ‘Classic’ development environment – it is been superseded by SAP HANA XS Advanced.

 

SAP Business Client

One critically rated vulnerability has been identified with some versions of SAP Business Client 6.5.  (SAP Note 2622660). This has occurred because of vulnerabilities discovered in Chromium, which is used as the embedded browser control used by SAP Business Client.

Other Vulnerabilities

There are notably four vulnerabilities affecting SAP NetWeaver AS ABAP which will affect a broad range of customers using almost any current ABAP based SAP product – these cover a broad range of SAP Kernels and a common software component.  Probably worth checking these for your organisation!

 

About this review

On the second Tuesday of each month, SAP release security updates to their software products.  At Absoft, we analyse all of the released security updates and produce this security review, including sending bespoke recommendations for each of our managed service customers.

There is more information on how we handle SAP security updates, including information on SAP’s process, the CVE process and the CVSS base scores in our earlier article on addressing security vulnerabilities in SAP software.

Search by a topic below...

Cloud Services 1
Cloud Services
Cloud Services
Cloud Services
Cloud Services
Cloud Services
Cloud Services
Cloud Services
Cloud Services

Read Our Latest Articles

Didn’t find what you are looking for? Send us your questions.

We are here to help.
Contact Us
Colleagues at work at Absoft SAP Consultancy

Company registration number: SC129581

Registered office: Davidson House, Campus 1, Aberdeen Innovation Park, Bridge of Don, Aberdeen, AB22 8GT

Contact
Connect
SAP Certified PCOE logo
Living Wage Employer

Is Your Business Ready to Embark on an S/4HANA Journey?

Jump Start Your Implementation with

Begin Your CeleRITE Assessment Today
celerite assessments2 (1)