Critical Flaws in SAP Marketing Mobile Channel Servlet and NetWeaver - Cybers Guards

Two of the Security Notes are rated as Hot News and address critical flaws in SAP Marketing Mobile Channel Servlet (CVE-2020-6320, Incorrect Access Control) and NetWeaver (ABAP Server) and ABAP Platform (CVE-2020-6318, Code Injection), with CVSS scores of 9.6 and 9.1.

Mobile Channel Servlet allows for mobile campaigns in which push notifications are sent via Google Firebase to Android and iOS devices. The critical flaw addressed this week allows access to restricted functions by an authenticated attacker. “An exploitation of the vulnerability allows an attacker to perform click and interaction data related tasks,” explains Onapsis, a firm specialized in securing Oracle and SAP applications.

The code injection flaw in NetWeaver would allow an attacker to take complete control of the application. Thus, the attacker could view, change, or delete data via code injected into memory and executed by the application, or cause the application to terminate.

In addition, SAP updated two additional Hot News Security Notes, one addressing a missing authorization check in Solution Manager (CVE-2020-6207, CVSS score of 10), and the other dealing with security updates for the Business Client Chromium browser (CVSS score of 9.8).

Two other Security Note updates address high-severity vulnerabilities, namely a code injection in NetWeaver (ABAP) and ABAP Platform (CVE-2020-6296) and a server-side request forgery in NetWeaver AS ABAP (CVE-2020-6275). Multiple vulnerabilities were addressed in the BusinessObjects Business Intelligence Platform (CVE-2020-6325, CVE-2020-6312, and CVE-2020-6288) and the 3D Visual Enterprise Viewer (38 fibrocystic disease of the pancreas).

SAP released updates for two medium-priority bugs this week: one addressing cross-site scripting (XSS) vulnerabilities in the modified jQuery bundled with SAPUI5 (CVE-2020-11022, CVE-2020-11023) and another patching a server-side request forgery on NetWeaver AS JAVA (CVE-2020-6282). In Bank Analyzer and S/4HANA Financial Products (CVE-2020-6311), Commerce (CVE-2020-6302), NetWeaver AS ABAP (CVE-2020-6324), NetWeaver AS Java (CVE-2020-6326), and Fiori (Launchpad) (CVE-2020-6283), five Security Notes released this week address medium-risk vulnerabilities. SAP also announced a low-priority Security Note that patches an information disclosure vulnerability in Adaptive Server Enterprise (CVE-2020-6317).

“Three of the six HotNews and High Priority notes contain just more or less minor update information not requiring customer action (as compared to the initial/last version of the note). The two HotNews notes #2961991 and #2958563 only affect a small number of SAP customers on DB4 or Sybase (SAP Marketing, SAP NetWeaver AS ABAP). That leaves sufficient time for checking the status of all relevant security patches in your SAP system,” notes Onapsis.
