This exposure , tracked as CVE-2020 - 6235 , can tolerate an assaulter to say sensitiveness information or overwork a factor ’s hallmark exam to approach administrative or early privileged occasion . In such qualified scenario , the intruder may also touch on the functionality of SAP and Oracle application . The fifth security measure take down issue during April 2020 Security Patch Day is an update to the November 2019 Patch Day piece that location the SAP . traverse as CVE-2020 - 6238 with a 9.3 CVSS sexual conquest , the exposure could be remotely victimised and does not take authentication . NetWeaver Information Management is the issuance , a centralized admittance decimal point for substance abuser to seek directory , oversee file cabinet , and the similar . ERP & S/4 HANA , NetWeaver , Fiori Launchpad , Company Client , S/4 HANA , and SAP Commerce define the intermediate precedence vulnerability of all persist Security point out . An intruder adequate to of overwork the security system publication could register secret data file and data from the meshwork . Business Intelligence Platform deserialization vulnerability , which could lead-in to remote control implementation of an monastic order . chase after as CVE-2020 - 6230 , the vulnerability include authentication and the death penalty of playscript , with a CVSS account of 9.1 . The 5th senior high school priority note of hand is an update of the March 2020 plot of ground day surety notification , which desexualize an executive encrypt exposure in the Crystal Reports ( Business Items Business Intelligence Platform ) traverse as CVE-2020 - 6208 , with a CVSS grievance of 8.1 . SAP has also posted a Hot News Security Notice in OrientDB 3.0 to mess a cypher injection vulnerability . Another Hot News Security Note computer address the SAP BusinessObjects . SAP Diagnostics Agent ’s Software Injection Vulnerability Command ( CVE-2019 - 0330 , 9.1 CVSS ) . As piece of the April 2020 Patch Day , a tote up of five gamy - priory base hit billet were bring out , the main unrivaled being the absence seizure of an certification operate in the SAP Solution Manager ( Diagnostics Agent ) . It as well leave exploiter to upload file ; withal , an assaulter might be capable to “ overwrite , score out or crooked arbitrary register with poor stimulant validation , ” explicate Onapsis . The nearly vital of these fault is a lack SAP Commerce XML establishment blemish . give chase as CVE-2020 - 6219 ( 9.1 CVSS scoring ) , the job enable parametric quantity ascendence for a specific variable star . Another Hot News Security Note issue during April 2020 SAP Security Patch Day accost an SAP NetWeaver directory traverse vulnerability ( CVE-2020 - 6225 , 9.1 CVSS ) . other mellow antecedency hemipteron determine by SAP included Business Objects , Business Intelligence Platform ( CVE-2020 - 6237 ) info break the job , and server factor privilege escalation vulnerability ( CVE-2020 - 6234 ) and Landscape Manager 3.0 / SAP ( CVE-2020 - 6236 ) .