SAP Security Notes Summary – April 2023

Traditionally, once a month I publish a review of all SAP security notes and news released in that month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.

| SAP Component | Number | Title | CVSS Score | Released On |
| --- | --- | --- | --- | --- |
| BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 11.04.2023 |
| CA-WUI-UI | 3269352 | [CVE-2023-29189] HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI) | 5,4 | 11.04.2023 |
| PA-FIO-FO | 3301457 | [CVE-2023-1903] Missing Authorization check in SAP HCM Fiori App My Forms (Fiori 2.0) | 4,3 | 11.04.2023 |
| BC-FES-WGU | 3275458 | [CVE-2023-27499] Cross-Site Scripting (XSS) vulnerability in SAP GUI for HTML | 6,1 | 11.04.2023 |
| BW-BCT-GEN | 3305907 | [CVE-2023-29186] Directory Traversal vulnerability in SAP NetWeaver (BI CONT ADD ON) | 8,7 | 11.04.2023 |
| BC-VCM-LVM | 3312733 | [CVE-2023-26458] Information Disclosure vulnerability in SAP Landscape Management | 6,8 | 11.04.2023 |
| BC-FES-INS | 3311624 | [CVE-2023-29187] DLL Hijacking vulnerability in SapSetup (Software Installation Program) | 6,7 | 11.04.2023 |
| BC-SRV-AIF | 3117978 | [CVE-2023-29111] Information Disclosure vulnerability in SAP Application Interface Framework (ODATA service) | 3,1 | 11.04.2023 |
| BC-SRV-AIF | 3113349 | [CVE-2023-29110] Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard) | 3,7 | 11.04.2023 |
| BC-SRV-AIF | 3115598 | [CVE-2023-29109] Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard) | 4,4 | 11.04.2023 |
| BC-SRV-AIF | 3114489 | [CVE-2023-29112] Code Injection vulnerability in SAP Application Interface Framework (Message Monitoring) | 3,7 | 11.04.2023 |
| BI-BIP-LCM | 3298961 | [CVE-2023-28765] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management) | 9,8 | 11.04.2023 |
| CRM-BF | 3309056 | [CVE-2023-27897] Code Injection vulnerability in SAP CRM | 6 | 11.04.2023 |
| CEC-COM-CPS-COR | 3316509 | Remote Code Execution vulnerability in SAP Commerce | 4,7 | 11.04.2023 |
| EP-PIN-PRT | 3289994 | [CVE-2023-28761] Missing Authentication check in SAP NetWeaver Enterprise Portal | 6,5 | 11.04.2023 |
| BC-BSP | 3303060 | [CVE-2023-29185] Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages) | 5,3 | 11.04.2023 |
| BC-MID-AC | 3296378 | [CVE-2023-28763] – Denial of Service in SAP NetWeaver AS for ABAP and ABAP Platform | 6,5 | 11.04.2023 |
| SV-SMG-DIA-SRV-AGT | 3305369 | [CVE-2023-27497] Multiple vulnerabilities in SAP Diagnostics Agent (OSCommand Bridge and EventLogServiceCollector) | 10 | 11.04.2023 |
| BC-JAS-DPL | 3287784 | [CVE-2023-24527] Improper Access Control in SAP NetWeaver AS Java for Deploy Service | 5,3 | 11.04.2023 |
| BC-CST-IC | 3315312 | [CVE-2023-29108] IP filter vulnerability in ABAP Platform and SAP Web Dispatcher | 5 | 11.04.2023 |
| BC-CCM-PRN | 3294595 | [CVE-2023-27269] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | 9,6 | 11.04.2023 |
source: www.sap.com

*The characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
