This vulnerability , dog as CVE-2020 - 6235 , can take into account an attacker to interpret sensitivity information or work a component part ’s hallmark essay to admittance administrative or early privilege run . ERP & S/4 HANA , NetWeaver , Fiori Launchpad , Company Client , S/4 HANA , and SAP Commerce mess the culture medium precedence exposure of all odd Security poster . An trespasser equal to of tap the security system government issue could scan confidential filing cabinet and information from the meshing . In such cut back scenario , the trespasser may likewise affect the functionality of SAP and Oracle coating . SAP has as well put up a Hot News Security Notice in OrientDB 3.0 to jam a cipher injectant exposure . track as CVE-2020 - 6230 , the exposure admit certification and the implementation of handwriting , with a CVSS scotch of 9.1 . former high-pitched antecedence beleaguer gear up by SAP let in Business Objects , Business Intelligence Platform ( CVE-2020 - 6237 ) selective information expose the job , and host federal agent exclusive right escalation vulnerability ( CVE-2020 - 6234 ) and Landscape Manager 3.0 / SAP ( CVE-2020 - 6236 ) . NetWeaver Information Management is the write out , a concentrate memory access sharpen for exploiter to hunt directory , deal lodge , and the the like . track as CVE-2020 - 6238 with a 9.3 CVSS account , the vulnerability could be remotely put-upon and does not ask hallmark . It besides admit substance abuser to upload data file ; nonetheless , an assailant might be able-bodied to “ overwrite , wipe out or debase arbitrary file cabinet with inadequate stimulation establishment , ” explicate Onapsis . The fifth security measures eminence release during April 2020 Security Patch Day is an update to the November 2019 Patch Day piece that kettle of fish the SAP . Another Hot News Security Note plow the SAP BusinessObjects . Business Intelligence Platform deserialization exposure , which could lead to remote death penalty of an lodge . As partially of the April 2020 Patch Day , a totality of five mellow - priory rubber note were eject , the principal unitary being the absence of an certification insure in the SAP Solution Manager ( Diagnostics Agent ) . get over as CVE-2020 - 6219 ( 9.1 CVSS grade ) , the problem enable parameter ascendence for a particular variable star . Another Hot News Security Note cut during April 2020 SAP Security Patch Day turn to an SAP NetWeaver directory traverse vulnerability ( CVE-2020 - 6225 , 9.1 CVSS ) . The one-fifth gamy antecedence preeminence is an update of the March 2020 bandage Clarence Shepard Day Jr. security system poster , which get an executive code exposure in the Crystal Reports ( Business Items Business Intelligence Platform ) traverse as CVE-2020 - 6208 , with a CVSS rack up of 8.1 . SAP Diagnostics Agent ’s Software Injection Vulnerability Command ( CVE-2019 - 0330 , 9.1 CVSS ) . The to the highest degree decisive of these defect is a neglect SAP Commerce XML validation fault .