SAP Security Notes Summary – April 2023
Traditionally, once a month I publish a review of all SAP security notes and news released in a given month. SAP Security Notes contain SAP's expert advice on important action items and patches to ensure the security of your systems.

SAP Component | Number | Title | CVSS Score | Released On |
---|---|---|---|---|
BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 11.04.2023 |
CA-WUI-UI | 3269352 | [CVE-2023-29189] HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI) | 5,4 | 11.04.2023 |
PA-FIO-FO | 3301457 | [CVE-2023-1903] Missing Authorization check in SAP HCM Fiori App My Forms (Fiori 2.0) | 4,3 | 11.04.2023 |
BC-FES-WGU | 3275458 | [CVE-2023-27499] Cross-Site Scripting (XSS) vulnerability in SAP GUI for HTML | 6,1 | 11.04.2023 |
BW-BCT-GEN | 3305907 | [CVE-2023-29186] Directory Traversal vulnerability in SAP NetWeaver (BI CONT ADD ON) | 8,7 | 11.04.2023 |
BC-VCM-LVM | 3312733 | [CVE-2023-26458] Information Disclosure vulnerability in SAP Landscape Management | 6,8 | 11.04.2023 |
BC-FES-INS | 3311624 | [CVE-2023-29187] DLL Hijacking vulnerability in SapSetup (Software Installation Program) | 6,7 | 11.04.2023 |
BC-SRV-AIF | 3117978 | [CVE-2023-29111] Information Disclosure vulnerability in SAP Application Interface Framework (ODATA service) | 3,1 | 11.04.2023 |
BC-SRV-AIF | 3113349 | [CVE-2023-29110] Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard) | 3,7 | 11.04.2023 |
BC-SRV-AIF | 3115598 | [CVE-2023-29109] Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard) | 4,4 | 11.04.2023 |
BC-SRV-AIF | 3114489 | [CVE-2023-29112] Code Injection vulnerability in SAP Application Interface Framework (Message Monitoring) | 3,7 | 11.04.2023 |
BI-BIP-LCM | 3298961 | [CVE-2023-28765] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management) | 9,8 | 11.04.2023 |
CRM-BF | 3309056 | [CVE-2023-27897] Code Injection vulnerability in SAP CRM | 6 | 11.04.2023 |
CEC-COM-CPS-COR | 3316509 | Remote Code Execution vulnerability in SAP Commerce | 4,7 | 11.04.2023 |
EP-PIN-PRT | 3289994 | [CVE-2023-28761] Missing Authentication check in SAP NetWeaver Enterprise Portal | 6,5 | 11.04.2023 |
BC-BSP | 3303060 | [CVE-2023-29185] Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages) | 5,3 | 11.04.2023 |
BC-MID-AC | 3296378 | [CVE-2023-28763] – Denial of Service in SAP NetWeaver AS for ABAP and ABAP Platform | 6,5 | 11.04.2023 |
SV-SMG-DIA-SRV-AGT | 3305369 | [CVE-2023-27497] Multiple vulnerabilities in SAP Diagnostics Agent (OSCommand Bridge and EventLogServiceCollector) | 10 | 11.04.2023 |
BC-JAS-DPL | 3287784 | [CVE-2023-24527] Improper Access Control in SAP NetWeaver AS Java for Deploy Service | 5,3 | 11.04.2023 |
BC-CST-IC | 3315312 | [CVE-2023-29108] IP filter vulnerability in ABAP Platform and SAP Web Dispatcher | 5 | 11.04.2023 |
BC-CCM-PRN | 3294595 | [CVE-2023-27269] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | 9,6 | 11.04.2023 |

*The Common Vulnerability Scoring System (CVSS) captures the characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.