SAP Announced 15 New Security Notes, Including Vulnerabilities in NetWeaver - Cybers Guards

Knowledge Management, a default feature of all SAP Enterprise Portal installations, allows users to handle multiple data sources, build and exchange content and directories, and upload files. Exploitation of any of these bugs may lead to denial of service, leakage of mouse and keyboard activity and the ability to record screenshots, reading of Secure Business Partner Generic Market Data (GMD), or taking information from the installation log files.

Another Hot News Security Note published on this Security Patch Day is an update to a July 2020 Security Note addressing a critical bug (CVSS score 10) in NetWeaver AS JAVA (LM Configuration Wizard) that is tracked as CVE-2020-6287 and also called RECON (Remotely Exploitable Code On NetWeaver). The problem was due to an ineffective filtering system designed to prevent the upload of files with possible script content.

SAP also issued two High Priority Security Notes to patch incomplete authentication checks, one on the Business Objects Business Intelligence System – CVE-2020-6294 (CVSS score 8.5) – and one on Banking Services (Generic Market Data) – CVE-2020-6298 (CVSS score 8.3) – and another on the Adaptive Server Enterprise (CVSS score 7). SAP also published three High Priority Security Notes on the August 2020 Security Patch Day addressing vulnerabilities in NetWeaver: CVE-2020-6296 (CVSS score 8.3) – code injection in NetWeaver (ABAP) and ABAP Platform; CVE-2020-6309 (CVSS score 7.5) – missing authentication in NetWeaver AS Java; and CVE-2020-6293 (CVSS score 7.3) – uncontrolled upload of files to NetWeaver (Knowledge Management).
According to Onapsis, if a fix for the Knowledge Management Hot News bug is not applied, then CVE-2020-6293 – which enables an attacker to create, modify or delete files in the Knowledge Management component – may be exploited without authentication, which significantly increases its CVSS score to 9.6, making it a critical bug. Successful exploitation of the vulnerability requires access to the malicious file by a user with administrative privileges, which reduces the CVSS score to 9; otherwise it would have been 9.9. The upload feature, explains ERP cyber-security provider Onapsis, could be used to upload malicious HTML files containing JavaScript code to carry out a stored XSS attack.

All remaining Security Notes issued on Security Patch Day in August 2020 fix medium priority bugs, including XSS vulnerabilities in SAP Commerce, the update of jQuery bundled with SAPUI5, and Business Objects Business Intelligence Platform (Central Management Console); information disclosure in Data Intelligence, and NetWeaver (ABAP Server) and ABAP Platform; and incomplete authorization checks in ERP (HCM Travel Management) and S/4 HANA (Fiori UI for General Ledger Accounting). The most important of these is a cross-site scripting (XSS) flaw in NetWeaver's Knowledge Management feature. Tracked as CVE-2020-6284 and rated Hot News, the problem has a score of 9 in CVSS.
