. home.aspx



SAP Patches Critical Vulnerability in HANA Streaming Analytics

November 13, 2018 / Ionut Arghire

SAP this week published its November 2018 set of security patches, which include 11 new Security Patch Day Notes, along with 3 updates for previously released notes. This month’s Security Notes include a Hot News note, five notes rated High, and eight notes considered Medium risk. The most important of the Notes (CVSS score of 9.9) addresses two vulnerabilities in the Spring Framework library used by SAP HANA Streaming Analytics, tracked as CVE-2018-1270 and CVE-2018-1275. The remote command execution issue could be exploited for unauthorized code execution, allowing an attacker to access arbitrary files and directories located in an SAP server file system, ERPScan, a company that specializes in securing SAP and Oracle applications, says. Another critical SAP security note (CVSS score 8.6) released this month addresses four vulnerabilities (CVE-2018-2488, CVE-2018-2491, CVE-2018-2489, and CVE-2018-2490) in the SAP Fiori Client for Android, the native mobile application used for c...