SAP released the September 2019 Security Patch that addressed four Security Notes rated as Hot News by the company. The new Security Note addresses a code injection vulnerability in SAP NetWeaver AS for Java (Web Container) The issue, tracked as CVE-2019-0355, received a CVSS score of 9.1. The vulnerability affects the SAP default implementation of the HTTP PUT method, an attacker could exploit the flaw to bypass the input validation check. SAP also released a set of security patches after the second Tuesday of last month and before this month.”]
Source: https://securityaffairs.co/wordpress/91166/security/sap-september-2019-patch.html