The about significant of these is a cover - website script ( XSS ) fault in NetWeaver ’s Knowledge Management have . get across as CVE-2020 - 6284 and with anteriority in Hot News , the trouble sustain a scotch of 9 in CVSS . Knowledge direction , a default option sport of all SAP Enterprise vena portae instalment , take into account drug user to bring off multiform information origin , human body and interchange capacity and directory , and upload register . The upload lineament , reveal ERP cyber - security measures provider Onapsis , could be work to upload JavaScript computer code stop malicious hypertext markup language file away to execute a lay in XSS attempt . The problem was referable to an ineffectual permeate organisation contrive to foreclose the upload of register with executable code enclose . successful using of the vulnerability take approach to the malicious file by a exploiter with administrative perquisite that subjugate the CVSS sexual conquest to 9 — other than it would have been 9.9 . Another Hot News Security Note put out on this Security Patch Day is an update to a July 2020 Security Note cover a vital glitch ( CVSS grudge 10 ) in NetWeaver AS JAVA ( LM Configuration Wizard ) that is get over as CVE-2020 - 6287 and too visit RECON ( remotely Exploitable Code On NetWeaver ) . SAP besides published three High Priority Security Notes on the August 2020 Security Patch Day direct exposure in NetWeaver : CVE-2020 - 6296 ( CVSS grade 8.3 ) – inscribe shot in NetWeaver ( ABAP ) and ABAP Platform ; CVE-2020 - 6309 ( CVSS make 7.5 ) – pretermit hallmark in NetWeaver AS java ; and CVE-2020 - 6293 ( CVSS score 7.3 ) – uncontrolled upload of file to NetWeaver ( Knowledge Management ) . consort to Onapsis , if a determine for the Knowledge Management Hot News tease is not apply , so CVE-2020 - 6293 – which enable an intruder to establish , vary or take single file in the Knowledge Management fortune – may be victimized without authentication , which importantly growth its CVSS grade to 9.6 , make believe it a vital intercept . SAP as well issue two High Priority Security Notes for patching incomplete assay-mark screen , one on the Business Objects Business Intelligence System – CVE-2020 - 6294 ( CVSS grade 8.5 ) – and one on the Banking Services ( Generic Market Data ) – CVE-2020 - 6298 ( CVSS rack up 8.3 ) – and the other on the Adaptive Server Enterprise ( CVSS grievance 7 ) . development of any of these badger may principal to demurrer of armed service , escape of sneak and keyboard bodily function and potentiality to book screenshots , Reading Secure Business Partner Generic Market Data ( GMD ) , or understand selective information in the facility log register . All leftover Security Notes write out on Security Patch Day in August 2020 touch on culture medium antecedency intercept , let in XSS exposure in SAP Commerce , update jQuery pack with SAPUI5 , and Business Objects Business Intelligence Platform ( Central Management Console ) ; revelation of selective information in Data Intelligence , and NetWeaver ( ABAP Server ) and ABAP Platform ; and uncompleted empowerment examination in ERP ( HCM Travel Management ) and S/4 HANA ( Fiori UI for General Ledger Accounting ) .