SAP Security Notes Review: May 2019

SAP Security Notes Review May 2019

Share This Post

Share on linkedin
Share on twitter
Share on facebook
Share on email

SAP’s security patch day for May 2019 has seen the release of 11 SAP security notes covering 11 vulnerabilities, with only one High and no critical CVSS v3.0 Rating.

SAP Security notes by CVSS v3 Base Score May 2019

Three security notes in May 2019 refer to the NetWeaver AS Java. Two have been released for NetWeaver AS ABAP & S/4 HANA. In addition to that, another two have been released for SAP Business Objects and solution tools. The others are spread across a range of products including SAP Identity Management and CRM.

SAP Security Notes May 2019 by Product Category

Critical and High Vulnerabilities: May 2019 Highlights

SAP Identity Management

One high rated vulnerability has been identified and corrected in SAP Identity Management REST Interface Version 2.

This sap note SAP Note 2784307 fixes a programming error for systems which are using SAP Identity Management 8.0 SP06.

Other Vulnerabilities

There are further vulnerabilities affecting SAP NetWeaver AS ABAP which will affect a broad range of customers using almost any current ABAP based SAP product – these cover a broad range of SAP Kernels and a common software component. Probably worth checking these for your organisation!

About this review

On the second Tuesday of each month, SAP release security updates to their software products.  At Absoft, we analyse all of the released security updates and produce this security review, including sending bespoke recommendations for each of our managed service customers.

There is more information on how we handle SAP security updates, including information on SAP’s process, the CVE process and the CVSS base scores in our earlier article on addressing security vulnerabilities in SAP software.

SAP Security Notes 2019

Search by a topic below...

Read our latest articles...

Didn’t find what you are looking for? Send us your questions.

We are here to help.