SAP released the September 2019 Security Patch that addressed four Security Notes rated as Hot News by the company, but only one of them is new.
SAP released 16 new or updated Security Notes, the overall number of Security Notes published this month is lower than in August.
The new Security Note addresses a code injection vulnerability in SAP NetWeaver AS for Java (Web Container). The issue, tracked as CVE-2019-0355, received a CVSS score of 9.1.
The vulnerability affects the SAP default implementation of the HTTP PUT method, an attacker could exploit the flaw to bypass the input validation check.