Successful exploitation of the vulnerability requires access to the malicious file by a user with administrative privileges, which reduces the CVSS score to 9; otherwise it would have been 9.9. SAP also published two High Priority Security Notes for incomplete authentication checks, one on the Business Objects Business Intelligence System – CVE-2020-6294 (CVSS score 8.5) – and one on the Banking Services (Generic Market Data) – CVE-2020-6298 (CVSS score 8.3) – and another on the Adaptive Server Enterprise (CVSS score 7). Another Hot News Security Note issued on this Security Patch Day is an update to a July 2020 Security Note addressing a critical bug (CVSS score 10) in NetWeaver AS JAVA (LM Configuration Wizard) that is tracked as CVE-2020-6287 and also called RECON (Remotely Exploitable Code On NetWeaver). The most important of these is a cross-site scripting (XSS) flaw in NetWeaver's Knowledge Management feature. Knowledge Management, a default feature of all SAP Enterprise Portal installations, allows users to manage multiple data sources, create and exchange content and directories, and upload files. The upload feature, reveals ERP cyber-security provider Onapsis, could be exploited to upload malicious HTML files containing JavaScript code to run a stored XSS attack. SAP also published three High Priority Security Notes on the August 2020 Security Patch Day addressing vulnerabilities in NetWeaver: CVE-2020-6296 (CVSS score 8.3) – code injection in NetWeaver (ABAP) and ABAP Platform; CVE-2020-6309 (CVSS score 7.5) – missing authentication in NetWeaver AS JAVA; and CVE-2020-6293 (CVSS score 7.3) – unrestricted upload of files to NetWeaver (Knowledge Management).
All remaining Security Notes issued on Security Patch Day in August 2020 address medium-priority bugs, including XSS vulnerabilities in SAP Commerce, the jQuery update bundled with SAPUI5, and Business Objects Business Intelligence Platform (Central Management Console); disclosure of information in Data Intelligence, and NetWeaver (ABAP Server) and ABAP Platform; and incomplete authorization checks in ERP (HCM Travel Management) and S/4 HANA (Fiori UI for General Ledger Accounting). Tracked as CVE-2020-6284 and with Hot News priority, the issue has a CVSS score of 9. The problem was due to an ineffective filtering scheme designed to prevent the upload of files with executable code inserted. According to Onapsis, if a patch for the Knowledge Management Hot News bug is not implemented, then CVE-2020-6293 – which enables an attacker to create, change or remove files in the Knowledge Management package – may be exploited without authentication, which significantly increases its CVSS score to 9.6, making it a critical bug. Exploitation of any of these bugs may lead to denial of service, leakage of mouse and keyboard activity and the ability to read screenshots, reading of secured Business Partner Generic Market Data (GMD), or reading of information in the installation log files.