SAP Released 15 Security Notes, One Critical Vulnerability in CA Introscope Enterprise Manager - Cybers Guards

The fix also requires that the connection between Solution Manager / Focused Run and Introscope be manually repaired. This month, two high-priority notes address CVE-2020-6367, a cross-site scripting (XSS) issue in NetWeaver Composite Application Framework, and CVE-2020-6366, missing XML validation in NetWeaver (Compare Systems). Another Hot News Security Note released on October 2020 Patch Day brings SAP Business Client updates for the Chromium browser. SAP's October 2020 Patch Day includes an update to a medium-priority Security Note dealing with a missing ERP (HCM Travel Management) authorization check and a note addressing Commerce Cloud's An attacker capable of exploiting the vulnerability may inject OS commands and gain complete control of the host running CA Introscope Enterprise Manager. Remote attackers can leverage hardcoded passwords within the program to bypass authentication. Onapsis says that SAP customers are advised to patch Introscope Enterprise Manager to the highest patch level of Enterprise Manager 10.7. However, with the update effort equivalent to updating to version 10.7, and with 10.5 approaching the end of support in December 2020, the best option is to go directly to 10.7. Onapsis, a company that specializes in protecting Oracle and SAP software, states that the vulnerability is remotely exploitable without authentication, which adds to its high CVSS rating. The critical flaw, with a CVSS score of 10, is an OS command injection flaw that affects versions 10.7.0.304 or lower of CA Introscope Enterprise Manager (affecting products like Solution Manager and Focused Run). low severity insufficient session expiration issue.
SAP also updated four high-priority Security Notes dealing with a code injection vulnerability (CVE-2020-6296) in NetWeaver (ABAP) and ABAP Platform, a missing authentication check (CVE-2020-6309) in NetWeaver AS JAVA, information disclosure (CVE-2020-6237) in Business Objects Business Intelligence Platform, and privilege escalation (CVE-2020-6236) in Landscape Management. Eleven other Security Notes resolve medium-priority vulnerabilities: multiple 3D Visual Enterprise Viewer bugs, server-side request forgery in Business Objects Business Intelligence, reverse tabnabbing in NetWeaver, information disclosure in NetWeaver, incorrect authorization in Banking Services, and XSS in NetWeaver, Commerce Cloud, and Business Planning and Consolidation. The security note was initially released in April 2018, and SAP provides periodic updates. Patches available for both Enterprise Manager 10.5 and 10.7 force users to set new credentials in their installations for the Admin and Guest accounts. SAP has released a patch for Enterprise Manager 10.5.2.113, and all older releases need to be updated to this version to apply the fix. CVE-2020-6369 (CVSS score of 7.5) is the second vulnerability addressed this month in CA Introscope Enterprise Manager. The vulnerability is tracked as CVE-2020-6364.
