By Ionut Arghire on May 13, 2020
SAP’s May 2020 Security Patch Day updates, which the company released on Tuesday, include a total of 18 Security Notes and 4 updates to previous Notes, with six of them rated Hot News.
The most important of the Notes addresses a code injection vulnerability in NetWeaver Application Server ABAP. Tracked as CVE-2020-6262 and featuring a CVSS score of 9.9, the issue exists because a remote-enabled function module that dynamically generates code fails to sufficiently validate input.
The bug could allow an attacker to take control of an ABAP system connected to a Solution Manager (SolMan) system. The flaw affects ABAP versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, and 740.