SAP, a German software maker, has announced the release of nine new security notes. The security patches were released as part of the company’s November Security Patch day, which includes fixes for two critical bugs. The critical flaws lie in BusinessObjects and SAPUI5. Additionally, the company released updates to two previously released notes that were distributed between October and November. Three of this month’s security notes are marked as high risk.
The first of the high risk vulnerabilities patches include a critical severity insecure deserialization of untrusted data and is located in the BusinessObjects Business Intelligence platform. The flaw carries a CVSS score of 9.9, making it extremely high risk. It could allow an unauthenticated attacker with low privileges to perform admin actions and replace objects with malicious content.