Software giant SAP has released October 2020 Security Patch Day that includes 15 separate security advisories and patches.
One of the Critical patches fixes an OS Command Injection Vulnerability CVE-2020-6364 in CA Introscope Enterprise Manager.
This issue impacts SAP Solution Manager and SAP Focused Run products.
To add, the update also includes updates for the following new High severity vulnerabilities:
- CVE-2020-6367 – Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Composite Application Framework
- CVE-2020-6366 – Missing XML Validation in SAP NetWeaver (Compare Systems)
- CVE-2020-6369 – Hard-coded Credentials in CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run).
SAP also updated 10 new Medium severity vulnerabilities.
Furthermore SAP also added revisions to 6 security notes for vulnerabilities released in previous Patch Days.