TR-20-223 (SAP Vulnerability)

General Information

Critical privilege escalation, information disclosure, XSS, DoS, content spoofing, path traversal and code injection vulnerabilities have been identified in SAP products.

Impact

Because multiple vulnerabilities are present, systems targeted by cyber attackers can be left vulnerable. It is anticipated that this vulnerability may also be used to spread malware in the future. Related CVE identifiers: CVE-2020-6234, CVE-2020-10383, CVE-2020-6195, CVE-2020-6211, CVE-2020-6214, CVE-2020-6215, CVE-2020-6216, CVE-2020-6217, CVE-2020-6218, CVE-2020-6219, CVE-2020-6221, CVE-2020-6222, CVE-2020-6223, CVE-2020-6224, CVE-2020-6225, CVE-2020-6226, CVE-2020-6227, CVE-2020-6228, CVE-2020-6229, CVE-2020-6230, CVE-2020-6231, CVE-2020-6232, CVE-2020-6233, CVE-2020-6235, CVE-2020-6236, CVE-2020-6237 and CVE-2020-6238.

Solution

The National Cyber Incident Response Center (USOM) recommends that system administrators apply the SAP updates urgently.

References

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10383

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6195

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6211

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6214

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6215

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6216

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6217

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6218

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6219

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6221

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6222

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6223

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6224

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6225

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6226

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6227

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6228

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6229

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6230

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6231

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6232

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6233

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6235

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6236

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6237

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6238

https://launchpad.support.sap.com/#/notes/2872782

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202

https://launchpad.support.sap.com/#/notes/2896682

https://launchpad.support.sap.com/#/notes/2900374

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6234

2020-04-15