SAP Security Notes Summary – April 2024
Traditionally, once a month I publish a review of all SAP security notes and news that were released in a given month. SAP Security Notes contain SAP’s expert advice regarding important action items and patches to ensure the security of your systems.
SAP Component | Number | Title | CVSS Score | Released On |
---|---|---|---|---|
BC-FES-BUS-DSK | 2622660 | Security updates for the browser control Google Chromium delivered with SAP Business Client | 10 | 23.04.2024 |
KM-SEN-MGR | 3441944 | [CVE-2024-32730] Missing authorization check in SAP Enable Now Manager | 6,5 | 23.04.2024 |
LOD-HCI-PI-OP-NM | 3442741 | Stack overflow vulnerability on the component images of SAP Integration Suite (EDGE INTEGRATION CELL) | 6,8 | 9.04.2024 |
BI-RA-WBI | 3421384 | [CVE-2024-25646] Information Disclosure vulnerability in SAP BusinessObjects Web Intelligence | 7,7 | 9.04.2024 |
BC-MID-BUS | 3421453 | [Multiple CVEs] Cross-Site Scripting (XSS) vulnerabilities in SAP Business Connector | 4,8 | 9.04.2024 |
FIN-FSCM-CLM-BAM | 3430173 | [CVE-2024-30217] Missing Authorization check in SAP S/4 HANA (Cash Management) | 4,3 | 9.04.2024 |
FIN-FSCM-CLM-BAM | 3427178 | [CVE-2024-30216] Missing Authorization check in SAP S/4 HANA (Cash Management) | 4,3 | 9.04.2024 |
BC-CST-DP | 3359778 | [CVE-2024-30218] Denial of service (DOS) vulnerability in SAP NetWeaver AS ABAP and ABAP Platform | 6,5 | 9.04.2024 |
FI-AA-AA-A | 3438234 | [CVE-2024-27901] Directory Traversal vulnerability in SAP Asset Accounting | 7,2 | 9.04.2024 |
BC-ESI-WS-JAV-RT | 3425188 | [CVE-2024-27898] Server-Side Request Forgery in SAP NetWeaver (tc~esi~esp~grmg~wshealthcheck~ear) | 5,3 | 9.04.2024 |
BC-JAS-SEC-UME | 3434839 | [CVE-2024-27899] Security misconfiguration vulnerability in SAP NetWeaver AS Java User Management Engine | 8,8 | 9.04.2024 |
PA-FIO-LEA | 3164677 | [CVE-2022-29613] Information Disclosure vulnerability in SAP Employee Self Service(Fiori My Leave Request) | 6,5 | 9.04.2024 |
MM-FIO-PUR-REQ-SSP | 3156972 | [CVE-2023-40306] URL Redirection vulnerability in SAP S/4HANA (Manage Catalog Items and Cross-Catalog search) | 6,1 | 9.04.2024 |
FIN-CS-CDC-DC | 3442378 | [CVE-2024-28167] Missing Authorization check in SAP Group Reporting Data Collection (Enter Package Data) | 6,5 | 9.04.2024 |
*The Common Vulnerability Scoring System (CVSS) captures the principal characteristics of a vulnerability and produces a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.