On 10th of May 2016, SAP released 10 security notes (patches), 1 of them with critical priority, 2 with high priority, while the rest were released with low or medium priority. The patches are related with the following vulnerabilities: Missing authorization checking, Information discloure, cross site scripting, clickjacking and missing authentications.
It is necessary to highlight security patch which affects AP NetWeaver AS ABAP, as its application removes the risk of an attacker using hardcoded data to get unauthorized access and perform various actions in the system, such as implementing a system backdoor.
Via : INCIBE