SAP has issued a total of 80 notes in the first quarter of 2017.
There were 23 notes in January. One of them as a critical priority (Hot News) and two of them as a high priority. The note with critical priority (9,8 of CVSS) affects SySAM (buffer overflow). Most of the notes apply to ABAP Netweaver (10/23), and the most prevalent types are “Missing Authoritation Check” and “Cross-Site-Scripting-XSS”.
There were 22 notes in February, 7 of them as high priority and 15 as medium priority. The highest CVSS value is 8.5, due to lack of authorization check in SAP Netweaver Data Orchastration Engine. Most of the notes apply to ABAP Netweaver (10/23), and the most prevalent types are “Missing Authoritation Check” and “Cross-Site-Scripting-XSS”.
There were 35 notes in March, 1 of them as a critical priority and other of them with high priority for Patch Day. The critical note has a CVSS of 9,8 and it affects to the tools of SAP Hanna’s self-service.
For more information see the links above.